Bug 454579
Summary: | user cannot run "/bin/su" | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Jens Petersen <petersen> |
Component: | coreutils | Assignee: | Ondrej Vasik <ovasik> |
Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | rawhide | CC: | dwalsh, twaugh, wwoods |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2008-07-10 13:39:58 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Jens Petersen
2008-07-09 03:37:59 UTC
Thanks for report, it reminds me one similar bugzilla which was problem in libuser/gdm(#441511). What does `type su` reports for that normal user(is /bin in PATH)? what does `rpm -V coreutils` print? What runlevel are you using(I mean does it occur even for runlevel 3 or only for 5?)? Does it occur even with SELinux in permissive mode? Is this fresh install of rawhide or some upgrade from F8/F9? Does it work if logged as root? Just trying to find out what went wrong, as it works ok for me. (In reply to comment #1) > libuser/gdm(#441511) Yes it looks similar. > What does `type su` reports for that normal user -bash: type: su: not found > (is /bin in PATH)? sure > what does `rpm -V coreutils` print? $ rpm -V coreutils missing /bin/su (Permission denied) # rpm -V coreutils # ls -lZ /bin/su -rwsr-xr-x root root system_u:object_r:su_exec_t:s0 /bin/su > What runlevel are you using (I mean does it occur even for runlevel 3 or only for 5?)? This was default, runlevel 5. Yes with runlevel 3 too. > Does it occur even with SELinux in permissive mode? No that seems to workaround it. :) > Is this fresh install of rawhide or some upgrade from F8/F9? Yes a fresh install of today's (and recent) rawhide-i386. > Does it work if logged as root? Yes Thanks, seems to be reasonable to add Dan Walsh to cc, as it doesn't occur for permissive. Are there any AVC messages in selinux log? I can't see any avc denials. You updated to FC9 and the selinux-policy postinstall did not fire properly. The following commands should fix the problem # semanage user -a -S targeted -P user -R "unconfined_r system_r" -r s0-s0:c0.c1023 unconfined_u # semanage login -m -S targeted -s "unconfined_u" -r s0-s0:c0.c1023 __default__ # semanage login -m -S targeted -s "unconfined_u" -r s0-s0:c0.c1023 root # semanage user -a -S targeted -P user -R guest_r guest_u # semanage user -a -S targeted -P user -R xguest_r xguest_u You will need to log out and log back in. It's not intentional. The root cause of this is a bug installing the policy files (see bug 454435). Future installs of rawhide shouldn't have this problem, but if your system is afflicted, Dan's workaround in Comment #5 will fix it. *** This bug has been marked as a duplicate of 454435 *** |