Bug 117525 - can't su at all ...
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: coreutils
Version: rawhide
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Tim Waugh
Reported: 2004-03-04 17:30 EST by Bill Nottingham
Modified: 2014-03-16 22:43 EDT
Doc Type: Bug Fix
Last Closed: 2004-05-18 05:05:58 EDT
Description Bill Nottingham 2004-03-04 17:30:22 EST
... because user_t can't read /bin/su.

rawhide-20040304, enforcing=1.

Policy has been reloaded a few times.
Comment 1 Tim Waugh 2004-03-05 07:24:06 EST
Policy needs:

allow user_t su_exec_t:file { execute getattr };

Now what?
Comment 2 Tim Waugh 2004-03-05 08:20:14 EST
Hmm, not that simple.  So far I've needed to add:

allow user_t su_exec_t:file { execute execute_no_trans getattr read };
allow user_t user_t:capability { setuid };

Does that sound right?
Comment 3 Daniel Walsh 2004-03-05 08:46:47 EST
You need to change your user account to a staff account. Then relabel
your home directories.

Normal user accounts are not allowed to execute the su command.

Dan
Comment 4 Tim Waugh 2004-03-05 09:08:41 EST
Okay -- can you point me in the right direction for doing that?  What
command is it?  Thanks.
Comment 5 Miloslav Trmac 2004-03-05 09:13:56 EST
That looks like something that should be mentioned in release notes
(bug 114398).
Comment 6 Bill Nottingham 2004-03-05 10:56:24 EST
That's not really consistent with the minimal policy, though. Whether
that's a bug or not, I'm not sure.
Comment 7 Tim Waugh 2004-05-18 05:05:58 EDT
User accounts can run su now.  Closing.
