Bug 454579

Summary:	user cannot run "/bin/su"
Product:	[Fedora] Fedora	Reporter:	Jens Petersen <petersen>
Component:	coreutils	Assignee:	Ondrej Vasik <ovasik>
Status:	CLOSED DUPLICATE	QA Contact:	Fedora Extras Quality Assurance <extras-qa>
Severity:	low	Docs Contact:
Priority:	low
Version:	rawhide	CC:	dwalsh, twaugh, wwoods
Target Milestone:	---
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:		Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2008-07-10 13:39:58 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Jens Petersen 2008-07-09 03:37:59 UTC

Description of problem:
It is not possible for normal users to run "su" now in rawhide.
Is that intentional?

Version-Release number of selected component (if applicable):
coreutils-6.12-5.fc10

How reproducible:
every time

Steps to Reproduce:
1. install rawhide
2. login in as regular user
3. run su in shell to become root
  
Actual results:
3. su not found:
-bash: su: command not found

Expected results:
3. su to run normally

Comment 1 Ondrej Vasik 2008-07-09 06:57:30 UTC

Thanks for report, it reminds me one similar bugzilla which was problem in
libuser/gdm(#441511). What does `type su` reports for that normal user(is /bin
in PATH)? what does `rpm -V coreutils` print? What runlevel are you using(I mean
does it occur even for runlevel 3 or only for 5?)? Does it occur even with
SELinux in permissive mode? Is this fresh install of rawhide or some upgrade
from F8/F9? Does it work if logged as root? Just trying to find out what went
wrong, as it works ok for me.

Comment 2 Jens Petersen 2008-07-09 08:15:54 UTC

(In reply to comment #1)
> libuser/gdm(#441511)

Yes it looks similar.

> What does `type su` reports for that normal user

-bash: type: su: not found

> (is /bin in PATH)?

sure

> what does `rpm -V coreutils` print?

$ rpm -V coreutils
missing    /bin/su (Permission denied)

# rpm -V coreutils
# ls -lZ /bin/su
-rwsr-xr-x  root root system_u:object_r:su_exec_t:s0   /bin/su

> What runlevel are you using (I mean does it occur even for runlevel 3 or only
for 5?)?

This was default, runlevel 5.   Yes with runlevel 3 too.

> Does it occur even with SELinux in permissive mode?

No that seems to workaround it. :)

> Is this fresh install of rawhide or some upgrade from F8/F9?

Yes a fresh install of today's (and recent) rawhide-i386.

> Does it work if logged as root?

Yes

Comment 3 Ondrej Vasik 2008-07-09 20:41:00 UTC

Thanks, seems to be reasonable to add Dan Walsh to cc, as it doesn't occur for
permissive. Are there any AVC messages in selinux log?

Comment 4 Jens Petersen 2008-07-10 05:21:10 UTC

I can't see any avc denials.

Comment 5 Daniel Walsh 2008-07-10 13:39:58 UTC

You updated to FC9 and the selinux-policy postinstall did not fire properly.

The following commands should fix the problem

# semanage user -a -S targeted -P user -R "unconfined_r system_r" -r
s0-s0:c0.c1023 unconfined_u 
# semanage login -m -S targeted  -s "unconfined_u" -r s0-s0:c0.c1023 __default__
# semanage login -m -S targeted  -s "unconfined_u" -r s0-s0:c0.c1023 root
# semanage user -a -S targeted  -P user -R guest_r guest_u
# semanage user -a -S targeted  -P user -R xguest_r xguest_u

You will need to log out and log back in.

Comment 6 Will Woods 2008-07-10 13:58:21 UTC

It's not intentional. The root cause of this is a bug installing the policy
files (see bug 454435).

Future installs of rawhide shouldn't have this problem, but if your system is
afflicted, Dan's workaround in Comment #5 will fix it.



*** This bug has been marked as a duplicate of 454435 ***