Description of problem: It is not possible for normal users to run "su" now in rawhide. Is that intentional? Version-Release number of selected component (if applicable): coreutils-6.12-5.fc10 How reproducible: every time Steps to Reproduce: 1. install rawhide 2. login in as regular user 3. run su in shell to become root Actual results: 3. su not found: -bash: su: command not found Expected results: 3. su to run normally
Thanks for report, it reminds me one similar bugzilla which was problem in libuser/gdm(#441511). What does `type su` reports for that normal user(is /bin in PATH)? what does `rpm -V coreutils` print? What runlevel are you using(I mean does it occur even for runlevel 3 or only for 5?)? Does it occur even with SELinux in permissive mode? Is this fresh install of rawhide or some upgrade from F8/F9? Does it work if logged as root? Just trying to find out what went wrong, as it works ok for me.
(In reply to comment #1) > libuser/gdm(#441511) Yes it looks similar. > What does `type su` reports for that normal user -bash: type: su: not found > (is /bin in PATH)? sure > what does `rpm -V coreutils` print? $ rpm -V coreutils missing /bin/su (Permission denied) # rpm -V coreutils # ls -lZ /bin/su -rwsr-xr-x root root system_u:object_r:su_exec_t:s0 /bin/su > What runlevel are you using (I mean does it occur even for runlevel 3 or only for 5?)? This was default, runlevel 5. Yes with runlevel 3 too. > Does it occur even with SELinux in permissive mode? No that seems to workaround it. :) > Is this fresh install of rawhide or some upgrade from F8/F9? Yes a fresh install of today's (and recent) rawhide-i386. > Does it work if logged as root? Yes
Thanks, seems to be reasonable to add Dan Walsh to cc, as it doesn't occur for permissive. Are there any AVC messages in selinux log?
I can't see any avc denials.
You updated to FC9 and the selinux-policy postinstall did not fire properly. The following commands should fix the problem # semanage user -a -S targeted -P user -R "unconfined_r system_r" -r s0-s0:c0.c1023 unconfined_u # semanage login -m -S targeted -s "unconfined_u" -r s0-s0:c0.c1023 __default__ # semanage login -m -S targeted -s "unconfined_u" -r s0-s0:c0.c1023 root # semanage user -a -S targeted -P user -R guest_r guest_u # semanage user -a -S targeted -P user -R xguest_r xguest_u You will need to log out and log back in.
It's not intentional. The root cause of this is a bug installing the policy files (see bug 454435). Future installs of rawhide shouldn't have this problem, but if your system is afflicted, Dan's workaround in Comment #5 will fix it. *** This bug has been marked as a duplicate of 454435 ***