Bug 441548 - SElinux is preventing user access to /bin/su
Product: Fedora
Classification: Fedora
Component: selinux-policy
Hardware: All Linux
Priority: low, Severity: low
Assigned To: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
Reported: 2008-04-08 13:58 EDT by Orion Poplawski
Modified: 2015-07-02 05:33 EDT
Doc Type: Bug Fix
Last Closed: 2008-04-08 16:27:29 EDT
Description Orion Poplawski 2008-04-08 13:58:50 EDT
Description of problem:

With enforcing:

$ /bin/su -
bash: /bin/su: Permission denied
$ ls -l /bin
ls: cannot access /bin/su: Permission denied

With permissive it works.  No avc messages.

Version-Release number of selected component (if applicable):
Comment 1 Daniel Walsh 2008-04-08 14:11:56 EDT
What user did you login as?

id -Z
Comment 2 Orion Poplawski 2008-04-08 15:14:27 EDT
$ id -Z
Comment 3 Daniel Walsh 2008-04-08 16:27:29 EDT
user_u is considered a user only, is not allowed to run su or any other setuid

If you want to run su you need to be unconfined_t.

guest_u    - nosetuid, nox, nonetwork, noexechomedir
xguest_u   - nosetuid, nonetwork, noexechomedir
user_u     - nosetuid, noexechomedir
staff_u    - nosetuid except sudo 
unconfined_u - Do what you want.
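
The triage step from Comments 1 to 3 (read the SELinux user out of `id -Z`, then check it against the table above) as an added example that is not part of the original bug report. The function names and the sample contexts are assumptions constructed for illustration; the restriction strings are copied from Comment 3.

```shell
#!/bin/sh
# Added example: classify an `id -Z` context using the table in Comment 3.

# Print the SELinux user (first field) of a context such as
# staff_u:staff_r:staff_t:s0-s0:c0.c1023. The MLS level may contain ':'
# itself, so only the text before the first ':' is taken.
context_user() {
    case $1 in
        *:*:*) ;;            # need at least user:role:type
        *) return 1 ;;
    esac
    cu_user=${1%%:*}
    [ -n "$cu_user" ] || return 1
    printf '%s\n' "$cu_user"
}

# Restrictions per SELinux user, as listed in Comment 3.
user_restrictions() {
    case $1 in
        guest_u)      echo "nosetuid nox nonetwork noexechomedir" ;;
        xguest_u)     echo "nosetuid nonetwork noexechomedir" ;;
        user_u)       echo "nosetuid noexechomedir" ;;
        staff_u)      echo "nosetuid-except-sudo" ;;
        unconfined_u) echo "" ;;
        *)            return 1 ;;   # not in the table
    esac
}

# Exit status 0: su is expected to be denied for this context.
# Exit status 1: no setuid restriction listed. 2: context not understood.
su_expected_denied() {
    sed_user=$(context_user "$1") || return 2
    sed_restr=$(user_restrictions "$sed_user") || return 2
    case " $sed_restr" in
        *" nosetuid"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample contexts (the id -Z output of Comment 2 is not on the page).
for ctx in 'user_u:user_r:user_t:s0' \
           'unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023'; do
    if su_expected_denied "$ctx"; then
        echo "$ctx: su denied by design, not a policy bug"
    else
        echo "$ctx: no setuid restriction listed"
    fi
done
```

On a live system, pass the output of `id -Z` to `su_expected_denied` instead of the sample strings.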
Comment 4 Anupa 2015-07-02 05:33:33 EDT
How to make the user unconfined_t?
