Bug 595046 - Network and Selinux Management display error from System, Administration menu
Network and Selinux Management display error from System, Administration menu
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: usermode (Show other bugs)
12
i686 Linux
low Severity high
: ---
: ---
Assigned To: Miloslav Trmač
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-05-23 00:09 EDT by dcpub
Modified: 2013-01-10 00:58 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-05-26 17:48:09 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
gui error message (5.39 KB, image/png)
2010-05-23 00:09 EDT, dcpub
no flags Details

  None (edit)
Description dcpub 2010-05-23 00:09:56 EDT
Created attachment 415915 [details]
gui error message

Description of problem:
When running System, Administration, Network or SELinux Management, a gui screen appears that says Insufficient rights.  If run as root, they function fine.

Version-Release number of selected component (if applicable):
system-config-network vers: 1.6.0

How reproducible:
repeatable

Steps to Reproduce:
1. run either system-config-network or system-config-selinux
2.
3.
  
Actual results:
same as description

Expected results:


Additional info:
Occurred after recent updates.
Comment 1 Miloslav Trmač 2010-05-24 12:36:55 EDT
Thanks for your report.

Can you reproduce the problem at will?

This should be caused by one of the following:
* Your account information can not be retrieved (e.g. LDAP server unavailable)
* Your account has expired
* Your password has expired
Is any of these true?  For example, can you (su your_user_name) and authenticate correctly?

In any case, the error message will need to be more detailed in the future.
Comment 2 dcpub 2010-05-24 13:28:57 EDT
Yes, this can be duplicated at will.

Have no problem with user password.  None of the issues above apply but I will check again.  I will have to try the su my_user_name and get back to you.  Don't have the laptop with me right now.

As I said above, root login allows me to run both system-config-network and system-config-selinux with no issues.

I will try to get more detail when running it as my user from a terminal.
Comment 3 dcpub 2010-05-24 21:52:13 EDT
Ok, doing su my_user_name I get the following:

  userhelper must be setuid root

with either of the system-configs listed above.  This is the only message that appears.  This also happens with system-config-users.  I suspect that other system-config commands might do the same.

my_user_name account has not expired and has no expiration set.
Comment 4 Miloslav Trmač 2010-05-24 22:05:53 EDT
Thanks, that does explain the immediate cause of the error message.

Searching for the root cause, can you paste the output of:
- stat -Z /usr/sbin/userhelper 
- rpm -V usermode
- grep nosuid /proc/mounts 
please?

Perhaps also try running (restorecon -v /usr/sbin/userhelper) and if there is any output, can you paste it here as well, please?
Comment 5 dcpub 2010-05-25 20:21:45 EDT
Here's the outputs:

# stat -Z /usr/sbin/userhelper
stat: Kernel is not SELinux enabled
Try `stat --help' for more information.

# rpm -V usermode
.M.......    /usr/sbin/userhelper
.M.......  d /usr/share/doc/usermode-1.104/COPYING
.M.......  d /usr/share/doc/usermode-1.104/ChangeLog
.M.......  d /usr/share/doc/usermode-1.104/NEWS
.M.......  d /usr/share/doc/usermode-1.104/README
.M.......    /usr/share/locale/ar/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/as/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/ast/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/be/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/bg/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/bn/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/bn_IN/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/bs/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/ca/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/cs/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/cy/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/da/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/de/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/de_CH/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/el/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/en_GB/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/es/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/et/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/fa/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/fi/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/fr/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/gl/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/gu/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/he/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/hi/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/hr/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/hu/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/id/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/is/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/it/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/ja/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/ka/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/kn/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/ko/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/lv/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/mai/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/mk/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/ml/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/mr/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/ms/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/nb/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/nl/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/or/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/pa/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/pl/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/pt/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/pt_BR/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/ro/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/ru/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/si/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/sk/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/sl/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/sr/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/sr@latin/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/sv/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/ta/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/te/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/tg/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/tr/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/uk/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/vi/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/zh_CN/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/zh_TW/LC_MESSAGES/usermode.mo
.M.......  d /usr/share/man/man8/consolehelper.8.gz
.M.......  d /usr/share/man/man8/userhelper.8.gz

# grep nosuid /proc/mounts
gvfs-fuse-daemon /home/david/.gvfs fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500 0 0

restorecon -v /usr/sbin/userhelper
   - no output
Comment 6 Miloslav Trmač 2010-05-26 09:32:53 EDT
.M.......    /usr/sbin/userhelper

You can check using (stat /usr/sbin/userhelper) or (ls -l /usr/sbin/userhelper) - the program is most likely not set-UID root.

Have you done this change explicitly?  If not, I don't think we'll able to determine the cause; the output of (stat /usr/sbin/userhelper) might provide some clues, but ultimately we are left guessing - probably a runaway recursive chmod command or something similar.

You should be able to use (rpm --setperms userhelper) to restore the permissions of files contained in this package, and something similar for other packages, if any.
Comment 7 dcpub 2010-05-26 10:54:35 EDT
Ok, ls -l on /usr/sbin/userhelper shows:

-rwxr-xr-x  1 root root 3416 2010-02-25 07:06 /usr/sbin/userhelper

stat as root displays the same message as above.  I did the setperms but of course it did not change anything.

selinux is disabled in enforcing mode.  I put it back into permissive mode and relabeled on reboot.

After reboot, I now get:

# stat -Z /usr/sbin/userhelper
  File: `/usr/sbin/userhelper'
  Size: 34176           Blocks: 72         IO Block: 4096   regular file
Device: 802h/2050d      Inode: 4055139     Links: 1     Device type: 0,0
Access: (0755/-rwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
   S_Context: system_u:object_r:userhelper_exec_t:s0
Access: 2010-05-26 10:52:34.000000000 -0400
Modify: 2010-02-25 07:06:54.000000000 -0500
Change: 2010-05-26 10:45:28.000000000 -0400
Comment 8 dcpub 2010-05-26 10:57:32 EDT
Also, still have insufficent rights message
Comment 9 Miloslav Trmač 2010-05-26 11:07:11 EDT
If setperms does not work, "chmod u+s /usr/sbin/userhelper" should.
Comment 10 dcpub 2010-05-26 12:27:06 EDT
Ok, chmod u+s fixed it.  Rights message is gone.

Thanks
Comment 11 Miloslav Trmač 2010-05-26 17:48:09 EDT
Thank you.

I'd love to know how the permissions got damaged - but I have no idea how, and usermode is most likely not involved.
Comment 12 dcpub 2010-05-26 19:49:10 EDT
Well the only activity on this laptop so far were updates, I had disabled selinux, and I compiled one program.  May never know.

Note You need to log in before you can comment on or make changes to this bug.