When running vipw/vigr as root in a terminal the following appears: Vim: Warning: Output is not to a terminal Vim: Warning: Input is not from a terminal Keypresses appear "raw" instead of showing their normal effect. They do still appear to work though, although the only thing I really tried in that state was ":q!".
If the editor is other than vi then it is impossible to get out of it - I use joe and I'm not able to CTRL-C out of it - I have to kill it from another console. In single user mode I'd have to reset the system.
It seems that something got updated in the meantime that fixed the problem. I'll look into it a little more.
bug 162844 also deals with this... FC4 selinux seems to be involved...
setenforce 0 causes vipw to work just fine...
A better workaround than turning off selinux (when using targeted policy): 1. Install selinux-policy-targeted-sources package: yum install selinux-policy-targeted-sources 2. Add a line: allow sysadm_passwd_t devpts_t:chr_file ioctl; to /etc/selinux/targeted/src/policy/domains/misc/local.te 3. make -C /etc/selinux/targeted/src/policy reload I think "component" for this bug should be changed to selinux-policy-targeted and the bug assigned to Daniel Walsh - policy maintainer.
well, of course you should turn it back on after...
*** Bug 162844 has been marked as a duplicate of this bug. ***
actually, 162844 was first...
Fixed in selinux-policy-targetd-1.25.3-9
I don't know if the "fix" broke it for me. But vipw does NOT work at all if I login on the text console. No error message is displayed, I just return back to the command prompt. vipw works if I SSH in using PuTTY. vipw works if I run X Windows and start a terminal. With the text console, when I run vipw, I get the following in /var/log/audit/audit.log type=AVC msg=audit(1123474668.338:12872868): avc: denied { search } for pid=20917 comm="vim" name="sys" dev=proc ino=-268435431 scontext=root:system_r:sysadm_passwd_t tcontext=system_u:object_r:sysctl_t tclass=dir type=SYSCALL msg=audit(1123474668.338:12872868): arch=40000003 syscall=5 success=no exit=-13 a0=d11170 a1=0 a2=bfbd6c60 a3=0 items=1 pid=20917 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="vim" exe="/usr/bin/vim" type=CWD msg=audit(1123474668.338:12872868): cwd="/etc" type=PATH msg=audit(1123474668.338:12872868): item=0 name="/proc/sys/kernel/version" flags=101 inode=4026531865 dev=00:03 mode=040555 ouid=0 ogid=0 rdev=00:00 I'm pretty sure that vipw was working before with the text console, since that is primarily what I use on the system. Also here is an strace dump of the failed vipw: execve("/usr/sbin/vipw", ["vipw"], [/* 20 vars */]) = 0 brk(0) = 0x9b37000 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f15000 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) open("/etc/ld.so.cache", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=45866, ...}) = 0 old_mmap(NULL, 45866, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f09000 close(3) = 0 open("/lib/libselinux.so.1", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20\225"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0755, st_size=68864, ...}) = 0 old_mmap(0xb67000, 68592, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb67000 old_mmap(0xb77000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x10000) = 0xb77000 close(3) = 0 open("/lib/libc.so.6", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\n\317\272"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0755, st_size=1489572, ...}) = 0 old_mmap(0xb98000, 1219548, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb98000 old_mmap(0xcbc000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x124000) = 0xcbc000 old_mmap(0xcc0000, 7132, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xcc0000 close(3) = 0 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f08000 set_thread_area({entry_number:-1 -> 6, base_addr:0xb7f086c0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0 mprotect(0xcbc000, 8192, PROT_READ) = 0 mprotect(0xb94000, 4096, PROT_READ) = 0 munmap(0xb7f09000, 45866) = 0 access("/etc/selinux/", F_OK) = 0 brk(0) = 0x9b37000 brk(0x9b58000) = 0x9b58000 open("/etc/selinux/config", O_RDONLY|O_LARGEFILE) = -1 EACCES (Permission denied) open("/proc/mounts", O_RDONLY|O_LARGEFILE) = 3 fstat64(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f14000 read(3, "rootfs / rootfs rw 0 0\n/dev /dev"..., 1024) = 520 close(3) = 0 munmap(0xb7f14000, 4096) = 0 open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=48520880, ...}) = 0 mmap2(NULL, 2097152, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7d08000 close(3) = 0 setrlimit(RLIMIT_CPU, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0 setrlimit(RLIMIT_FSIZE, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0 setrlimit(RLIMIT_STACK, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0 setrlimit(RLIMIT_DATA, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0 setrlimit(RLIMIT_RSS, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0 setrlimit(RLIMIT_CORE, {rlim_cur=0, rlim_max=0}) = 0 rt_sigaction(SIGALRM, {SIG_IGN}, {SIG_DFL}, 8) = 0 rt_sigaction(SIGHUP, {SIG_IGN}, {SIG_DFL}, 8) = 0 rt_sigaction(SIGINT, {SIG_IGN}, {SIG_DFL}, 8) = 0 rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0 rt_sigaction(SIGQUIT, {SIG_IGN}, {SIG_DFL}, 8) = 0 rt_sigaction(SIGTERM, {SIG_IGN}, {SIG_DFL}, 8) = 0 rt_sigaction(SIGTSTP, {SIG_IGN}, {SIG_DFL}, 8) = 0 rt_sigaction(SIGTTOU, {SIG_IGN}, {SIG_DFL}, 8) = 0 umask(0) = 022 open("/etc/ptmptmp", O_WRONLY|O_CREAT|O_LARGEFILE, 0600) = 3 link("/etc/ptmptmp", "/etc/ptmp") = 0 unlink("/etc/ptmptmp") = 0 open("/etc/passwd", O_RDONLY|O_LARGEFILE) = 4 read(4, "root:x:0:0:root:/root:/bin/bash\n"..., 8192) = 2589 write(3, "root:x:0:0:root:/root:/bin/bash\n"..., 2589) = 2589 read(4, "", 8192) = 0 close(4) = 0 close(3) = 0 stat64("/etc/ptmp", {st_mode=S_IFREG|0600, st_size=2589, ...}) = 0 clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7f08708) = 19217 waitpid(19217, [{WIFEXITED(s) && WEXITSTATUS(s) == 1}], WSTOPPED) = 19217 --- SIGCHLD (Child exited) @ 0 (0) --- write(2, "vipw: ", 6) = 6 write(2, "vim: ", 5) = 5 open("/usr/share/locale/locale.alias", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=2528, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7d07000 read(3, "# Locale name alias data base.\n#"..., 4096) = 2528 read(3, "", 4096) = 0 close(3) = 0 munmap(0xb7d07000, 4096) = 0 open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en_US.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en_US/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) write(2, "Permission denied\n", 18) = 18 open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/util-linux.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en_US.utf8/LC_MESSAGES/util-linux.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en_US/LC_MESSAGES/util-linux.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en.UTF-8/LC_MESSAGES/util-linux.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en.utf8/LC_MESSAGES/util-linux.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en/LC_MESSAGES/util-linux.mo", O_RDONLY) = -1 ENOENT (No such file or directory) write(2, "vipw: /etc/passwd unchanged\n", 28) = 28 unlink("/etc/ptmp") = 0 exit_group(1) = ?