Bug 120158 - cannot add user accounts in selinux warn mode
Summary: cannot add user accounts in selinux warn mode
Alias: None
Product: Fedora
Classification: Fedora
Component: shadow-utils   
(Show other bugs)
Version: rawhide
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Eido Inoue
QA Contact:
Keywords: SELinux
Depends On:
Blocks: 122683
TreeView+ depends on / blocked
Reported: 2004-04-06 14:35 UTC by Martin Robb
Modified: 2007-11-30 22:10 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-12-03 16:10:03 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Martin Robb 2004-04-06 14:35:26 UTC
Description of problem:
I installed Fedora Core 2 Test 2 with selinux in non-enforcing (warn)
mode.  The creation of a non-superuser account failed silently.  After
logging in as root, I tried adduser and useradd.   Both failed with
the error:  cannot rewrite password file.

Upon reinstalling with selinux in disabled mode the creation of the
non-superuser account succeeded.

BTW, my initial selinux install was in enforcing (active mode).  The
system booted, but could not run gnome and would not give me a text
login prompt.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Actual results:

Expected results:

Additional info:

Comment 1 Daniel Walsh 2004-12-03 16:10:03 UTC
Seems to work fine in FC3.

Comment 2 Runar Ingebrigtsen 2005-01-05 23:58:48 UTC
Bug is back again when using selinux-policy-targeted_1.17.30-2.66_noarch.rpm on
FC3. Strangely, there are no users at all. Should think firstboot made one after
information was filled out, but obviously that didn't happen.

Comment 3 Eido Inoue 2005-01-06 17:42:18 UTC
Comment 2: Works for me with FC3 and selinux-policy-targeted-1.17.30-2.66

Comment 4 Mykel Alvis 2005-01-30 09:39:11 UTC
Does not work for me in FC3 with selinux-policy-targeted-1.17.30-2.73.

I did have a hiccup during install in that when I rebooted, I needed
to go to init 3 (X doesn't work on this box for whatever reason) so I
booted from the rescue cd, changed the init level in inittab and
rebooted and firstboot came up fine.  It asked for user info but
didn't actually create the user.

Comment 5 Mykel Alvis 2005-01-30 09:40:19 UTC
libselinux-1.19.1-8 also

Comment 6 Mykel Alvis 2005-01-30 09:43:36 UTC
correction.  The user (mykel in this case) was added during firstboot.
 But any attempt to change mykel's password using passwd as root
results in 'passwd: Authentication failure'
If I 'su - mykel', and try to passwd, I enter what I know to be
mykel's password and I get an Authentication token manipulation error.

Comment 7 Daniel Walsh 2005-01-31 16:05:48 UTC
What file system are you using?  We only support ext3/ext2.

Comment 8 Mykel Alvis 2005-01-31 17:37:46 UTC
And that's the issue.  The entire system is on reiserfs.  Thanks for
the info.  The descent into madness (from not knowing why this was
happening) has been staved off. I reformatted ext3 and things went fine.

I didn't note anywhere in any documentation that ext[2-3] fs was the
only supported fs.  I chose linux reiserfs at install time and
installed my system to an entirely reiser fs.  Obviously you're
telling me that this doesn't work and I accept that.  But the results
are [to me] non-intuitive even for the Linux world.

For informational purposes:
Is it a condition of selinux or is it just that FC won't install to
reiser?  I haven't tried to do a root install to reiser again.  

How do I get the ability to add users and change passwords?  Is there
some alternate path or do must I do a reformat/reinstall with ext3?  

Is this actually documented somewhere that I wasn't diligent enough to

Comment 10 Runar Ingebrigtsen 2005-02-02 12:54:00 UTC
So, it's ReiserFS for me too.

Any idea when they will support the right label?

Comment 11 Daniel Walsh 2005-02-02 13:10:53 UTC
Sorry, no idea.  I would ask this type of question at 


Note You need to log in before you can comment on or make changes to this bug.