This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours

Bug 454579

Summary: user cannot run "/bin/su"
Product: [Fedora] Fedora Reporter: Jens Petersen <petersen>
Component: coreutilsAssignee: Ondrej Vasik <ovasik>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: rawhideCC: dwalsh, twaugh, wwoods
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-07-10 09:39:58 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:

Description Jens Petersen 2008-07-08 23:37:59 EDT
Description of problem:
It is not possible for normal users to run "su" now in rawhide.
Is that intentional?

Version-Release number of selected component (if applicable):
coreutils-6.12-5.fc10

How reproducible:
every time

Steps to Reproduce:
1. install rawhide
2. login in as regular user
3. run su in shell to become root
  
Actual results:
3. su not found:
-bash: su: command not found

Expected results:
3. su to run normally
Comment 1 Ondrej Vasik 2008-07-09 02:57:30 EDT
Thanks for report, it reminds me one similar bugzilla which was problem in
libuser/gdm(#441511). What does `type su` reports for that normal user(is /bin
in PATH)? what does `rpm -V coreutils` print? What runlevel are you using(I mean
does it occur even for runlevel 3 or only for 5?)? Does it occur even with
SELinux in permissive mode? Is this fresh install of rawhide or some upgrade
from F8/F9? Does it work if logged as root? Just trying to find out what went
wrong, as it works ok for me.
Comment 2 Jens Petersen 2008-07-09 04:15:54 EDT
(In reply to comment #1)
> libuser/gdm(#441511)

Yes it looks similar.

> What does `type su` reports for that normal user

-bash: type: su: not found

> (is /bin in PATH)?

sure

> what does `rpm -V coreutils` print?

$ rpm -V coreutils
missing    /bin/su (Permission denied)

# rpm -V coreutils
# ls -lZ /bin/su
-rwsr-xr-x  root root system_u:object_r:su_exec_t:s0   /bin/su

> What runlevel are you using (I mean does it occur even for runlevel 3 or only
for 5?)?

This was default, runlevel 5.   Yes with runlevel 3 too.

> Does it occur even with SELinux in permissive mode?

No that seems to workaround it. :)

> Is this fresh install of rawhide or some upgrade from F8/F9?

Yes a fresh install of today's (and recent) rawhide-i386.

> Does it work if logged as root?

Yes
Comment 3 Ondrej Vasik 2008-07-09 16:41:00 EDT
Thanks, seems to be reasonable to add Dan Walsh to cc, as it doesn't occur for
permissive. Are there any AVC messages in selinux log?
Comment 4 Jens Petersen 2008-07-10 01:21:10 EDT
I can't see any avc denials.
Comment 5 Daniel Walsh 2008-07-10 09:39:58 EDT
You updated to FC9 and the selinux-policy postinstall did not fire properly.

The following commands should fix the problem

# semanage user -a -S targeted -P user -R "unconfined_r system_r" -r
s0-s0:c0.c1023 unconfined_u 
# semanage login -m -S targeted  -s "unconfined_u" -r s0-s0:c0.c1023 __default__
# semanage login -m -S targeted  -s "unconfined_u" -r s0-s0:c0.c1023 root
# semanage user -a -S targeted  -P user -R guest_r guest_u
# semanage user -a -S targeted  -P user -R xguest_r xguest_u

You will need to log out and log back in.
Comment 6 Will Woods 2008-07-10 09:58:21 EDT
It's not intentional. The root cause of this is a bug installing the policy
files (see bug 454435).

Future installs of rawhide shouldn't have this problem, but if your system is
afflicted, Dan's workaround in Comment #5 will fix it.



*** This bug has been marked as a duplicate of 454435 ***