Bug 454579 - user cannot run "/bin/su"
user cannot run "/bin/su"
Status: CLOSED DUPLICATE of bug 454435
Product: Fedora
Classification: Fedora
Component: coreutils (Show other bugs)
rawhide
All Linux
low Severity low
: ---
: ---
Assigned To: Ondrej Vasik
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-07-08 23:37 EDT by Jens Petersen
Modified: 2008-07-10 09:58 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-07-10 09:39:58 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Jens Petersen 2008-07-08 23:37:59 EDT
Description of problem:
It is not possible for normal users to run "su" now in rawhide.
Is that intentional?

Version-Release number of selected component (if applicable):
coreutils-6.12-5.fc10

How reproducible:
every time

Steps to Reproduce:
1. install rawhide
2. login in as regular user
3. run su in shell to become root
  
Actual results:
3. su not found:
-bash: su: command not found

Expected results:
3. su to run normally
Comment 1 Ondrej Vasik 2008-07-09 02:57:30 EDT
Thanks for report, it reminds me one similar bugzilla which was problem in
libuser/gdm(#441511). What does `type su` reports for that normal user(is /bin
in PATH)? what does `rpm -V coreutils` print? What runlevel are you using(I mean
does it occur even for runlevel 3 or only for 5?)? Does it occur even with
SELinux in permissive mode? Is this fresh install of rawhide or some upgrade
from F8/F9? Does it work if logged as root? Just trying to find out what went
wrong, as it works ok for me.
Comment 2 Jens Petersen 2008-07-09 04:15:54 EDT
(In reply to comment #1)
> libuser/gdm(#441511)

Yes it looks similar.

> What does `type su` reports for that normal user

-bash: type: su: not found

> (is /bin in PATH)?

sure

> what does `rpm -V coreutils` print?

$ rpm -V coreutils
missing    /bin/su (Permission denied)

# rpm -V coreutils
# ls -lZ /bin/su
-rwsr-xr-x  root root system_u:object_r:su_exec_t:s0   /bin/su

> What runlevel are you using (I mean does it occur even for runlevel 3 or only
for 5?)?

This was default, runlevel 5.   Yes with runlevel 3 too.

> Does it occur even with SELinux in permissive mode?

No that seems to workaround it. :)

> Is this fresh install of rawhide or some upgrade from F8/F9?

Yes a fresh install of today's (and recent) rawhide-i386.

> Does it work if logged as root?

Yes
Comment 3 Ondrej Vasik 2008-07-09 16:41:00 EDT
Thanks, seems to be reasonable to add Dan Walsh to cc, as it doesn't occur for
permissive. Are there any AVC messages in selinux log?
Comment 4 Jens Petersen 2008-07-10 01:21:10 EDT
I can't see any avc denials.
Comment 5 Daniel Walsh 2008-07-10 09:39:58 EDT
You updated to FC9 and the selinux-policy postinstall did not fire properly.

The following commands should fix the problem

# semanage user -a -S targeted -P user -R "unconfined_r system_r" -r
s0-s0:c0.c1023 unconfined_u 
# semanage login -m -S targeted  -s "unconfined_u" -r s0-s0:c0.c1023 __default__
# semanage login -m -S targeted  -s "unconfined_u" -r s0-s0:c0.c1023 root
# semanage user -a -S targeted  -P user -R guest_r guest_u
# semanage user -a -S targeted  -P user -R xguest_r xguest_u

You will need to log out and log back in.
Comment 6 Will Woods 2008-07-10 09:58:21 EDT
It's not intentional. The root cause of this is a bug installing the policy
files (see bug 454435).

Future installs of rawhide shouldn't have this problem, but if your system is
afflicted, Dan's workaround in Comment #5 will fix it.



*** This bug has been marked as a duplicate of 454435 ***

Note You need to log in before you can comment on or make changes to this bug.