Bug 120158 - cannot add user accounts in selinux warn mode
cannot add user accounts in selinux warn mode
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: shadow-utils (Show other bugs)
rawhide
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Eido Inoue
: SELinux
Depends On:
Blocks: 122683
  Show dependency treegraph
 
Reported: 2004-04-06 10:35 EDT by Martin Robb
Modified: 2007-11-30 17:10 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-12-03 11:10:03 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Martin Robb 2004-04-06 10:35:26 EDT
Description of problem:
I installed Fedora Core 2 Test 2 with selinux in non-enforcing (warn)
mode.  The creation of a non-superuser account failed silently.  After
logging in as root, I tried adduser and useradd.   Both failed with
the error:  cannot rewrite password file.

Upon reinstalling with selinux in disabled mode the creation of the
non-superuser account succeeded.

BTW, my initial selinux install was in enforcing (active mode).  The
system booted, but could not run gnome and would not give me a text
login prompt.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Daniel Walsh 2004-12-03 11:10:03 EST
Seems to work fine in FC3.
Comment 2 Runar Ingebrigtsen 2005-01-05 18:58:48 EST
Bug is back again when using selinux-policy-targeted_1.17.30-2.66_noarch.rpm on
FC3. Strangely, there are no users at all. Should think firstboot made one after
information was filled out, but obviously that didn't happen.
Comment 3 Eido Inoue 2005-01-06 12:42:18 EST
Comment 2: Works for me with FC3 and selinux-policy-targeted-1.17.30-2.66
Comment 4 Mykel Alvis 2005-01-30 04:39:11 EST
Does not work for me in FC3 with selinux-policy-targeted-1.17.30-2.73.

I did have a hiccup during install in that when I rebooted, I needed
to go to init 3 (X doesn't work on this box for whatever reason) so I
booted from the rescue cd, changed the init level in inittab and
rebooted and firstboot came up fine.  It asked for user info but
didn't actually create the user.
Comment 5 Mykel Alvis 2005-01-30 04:40:19 EST
libselinux-1.19.1-8 also
Comment 6 Mykel Alvis 2005-01-30 04:43:36 EST
correction.  The user (mykel in this case) was added during firstboot.
 But any attempt to change mykel's password using passwd as root
results in 'passwd: Authentication failure'
If I 'su - mykel', and try to passwd, I enter what I know to be
mykel's password and I get an Authentication token manipulation error.
Comment 7 Daniel Walsh 2005-01-31 11:05:48 EST
What file system are you using?  We only support ext3/ext2.
Comment 8 Mykel Alvis 2005-01-31 12:37:46 EST
And that's the issue.  The entire system is on reiserfs.  Thanks for
the info.  The descent into madness (from not knowing why this was
happening) has been staved off. I reformatted ext3 and things went fine.

I didn't note anywhere in any documentation that ext[2-3] fs was the
only supported fs.  I chose linux reiserfs at install time and
installed my system to an entirely reiser fs.  Obviously you're
telling me that this doesn't work and I accept that.  But the results
are [to me] non-intuitive even for the Linux world.

For informational purposes:
Is it a condition of selinux or is it just that FC won't install to
reiser?  I haven't tried to do a root install to reiser again.  

How do I get the ability to add users and change passwords?  Is there
some alternate path or do must I do a reformat/reinstall with ext3?  

Is this actually documented somewhere that I wasn't diligent enough to
 find?
Comment 10 Runar Ingebrigtsen 2005-02-02 07:54:00 EST
So, it's ReiserFS for me too.

Any idea when they will support the right label?
Comment 11 Daniel Walsh 2005-02-02 08:10:53 EST
Sorry, no idea.  I would ask this type of question at 

selinux@tycho.nsa.gov

Note You need to log in before you can comment on or make changes to this bug.