Bug 441548 - SElinux is preventing user access to /bin/su
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy   
Version: rawhide
Hardware: All
OS: Linux
Priority: low
Severity: low
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
Reported: 2008-04-08 17:58 UTC by Orion Poplawski
Modified: 2015-07-02 09:33 UTC

Last Closed: 2008-04-08 20:27:29 UTC

Description Orion Poplawski 2008-04-08 17:58:50 UTC
Description of problem:

With enforcing:

$ /bin/su -
bash: /bin/su: Permission denied
$ ls -l /bin
ls: cannot access /bin/su: Permission denied

With permissive it works.  No avc messages.


Version-Release number of selected component (if applicable):
selinux-policy-3.3.1-29.fc9.noarch

Comment 1 Daniel Walsh 2008-04-08 18:11:56 UTC
What user did you login as?

id -Z


Comment 2 Orion Poplawski 2008-04-08 19:14:27 UTC
$ id -Z
user_u:user_r:user_t:s0

Comment 3 Daniel Walsh 2008-04-08 20:27:29 UTC
user_u is considered a user only, and is not allowed to run su or any other
setuid application.

If you want to run su you need to be unconfined_t.

guest_u    - nosetuid, nox, nonetwork, noexechomedir
xguest_u   - nosetuid, nonetwork, noexechomedir
user_u     - nosetuid, noexechomedir
staff_u    - nosetuid except sudo 
unconfined_u - Do what you want.
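
The diagnosis from Comments 2 and 3 as an added shell example (not from the bug thread or the selinux-policy project): it takes the SELinux user from an `id -Z` context, resolves a login through `semanage login -l` style mappings, and applies the restriction list above. The mapping text and the logins `alice` and `bob` are constructed.

```shell
#!/bin/sh
# Added example: explain why a login cannot run /bin/su from its SELinux user.

# The SELinux user is the first colon-separated field of `id -Z` output.
selinux_user_of() { printf '%s\n' "${1%%:*}"; }

# Restrictions per SELinux user, as listed in Comment 3.
restrictions_for() {
    case "$1" in
        guest_u)      echo "nosetuid nox nonetwork noexechomedir" ;;
        xguest_u)     echo "nosetuid nonetwork noexechomedir" ;;
        user_u)       echo "nosetuid noexechomedir" ;;
        staff_u)      echo "nosetuid-except-sudo" ;;
        unconfined_u) echo "none" ;;
        *)            echo "unknown" ;;
    esac
}

# Succeeds only for an SELinux user with no setuid restriction (su is setuid).
may_run_su() {
    [ "$(restrictions_for "$1")" = "none" ]
}

# Resolve the SELinux user for a Linux login from `semanage login -l` style
# text on stdin; a login without its own row inherits the __default__ row.
mapped_user() {
    awk -v login="$1" '
        $1 == login         { found = $2 }
        $1 == "__default__" { dflt = $2 }
        END { print (found != "" ? found : dflt) }'
}

# Constructed sample mapping (logins "alice" and "bob" are hypothetical).
SAMPLE_MAP='Login Name           SELinux User         MLS/MCS Range
__default__          user_u               s0
root                 unconfined_u         s0-s0:c0.c1023
alice                staff_u              s0-s0:c0.c1023'

report() {  # report LOGIN: print the mapping and whether su is permitted
    u=$(printf '%s\n' "$SAMPLE_MAP" | mapped_user "$1")
    if may_run_su "$u"; then verdict=allowed; else verdict=denied; fi
    echo "$1 -> $u ($(restrictions_for "$u")): su $verdict"
}

report bob   # no explicit row, so bob falls back to __default__ (user_u)
# On a live system, read the mappings with:  semanage login -l
# and change one (as root) with:  semanage login -a -s unconfined_u LOGIN
```

A changed mapping applies to new login sessions. Per the list in Comment 3, `staff_u` is the narrower choice when only sudo is needed.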

Comment 4 Anupa 2015-07-02 09:33:33 UTC
How to make the user unconfined_t?

