Bug 120140 - Normal users cannot execute shell scripts in /opt
Summary: Normal users cannot execute shell scripts in /opt
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: policy
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-04-06 11:23 UTC by Albert Strasheim
Modified: 2007-11-30 22:10 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2004-04-06 11:58:44 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Albert Strasheim 2004-04-06 11:23:34 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040312

Description of problem:
Normal users cannot execute shell scripts in /opt.

As root:

nano /opt/hello.sh
#!/bin/bash
echo hello

chmox +x /opt/hello.sh
/opt/hello.sh
hello

As normal user:

/opt/hello.sh
bash: /opt/hello.sh: /bin/bash: bad interpreter: Permission denied

The following SELinux error is generated:

Apr  6 13:26:56 asok kernel: audit(1081250816.581:0): avc:  denied  {
execute } for  pid=4515 exe=/bin/bash name=hello.sh dev=hda5
ino=410771 scontext=user_u:user_r:user_t tcontext=root:object_r:usr_t
tclass=file

Version-Release number of selected component (if applicable):
policy-1.9.2-10 bash-2.05b-38 filesystem-2.2.4-1

How reproducible:
Always

Steps to Reproduce:
1. Run shell script in /opt as normal user

Actual Results:  Shell script fails to run

Expected Results:  Shell script should run

Additional info:

I am currently trying to figure out why Gaussian03 (commercial
computational chemistry software) won't run, and since I installed it
under /opt, fixing this bug might fix Gaussian03.
Comment 1 Daniel Walsh 2004-04-06 11:58:44 UTC 
chcon -t bin_t /opt/hello.sh 
will fix it.
Note You need to log in before you can comment on or make changes to this bug.