[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

F9: su and sudo don't work as user

From: Chuck Anderson <cra WPI EDU>
To: fedora-selinux-list redhat com
Subject: F9: su and sudo don't work as user
Date: Thu, 12 Jun 2008 20:34:42 -0400

Ok, I thought this was a known issue but I can't seem to find it 
mentioned anywhere.  I have a F9 system that "su" and "sudo" don't 
work on.  I noticed that my context was user_u rather than 
unconfined_u:


Login on the console as cra:

[cra system 20:25:34 /home/cra]>id
uid=10002(cra) gid=10002(cra) groups=1000(netops),2011(mirror),10002(cra) context=user_u:user_r:user_t:s0
[cra system 20:25:36 /home/cra]>su
/bin/su: Permission denied.
[cra system 20:25:37 /home/cra]>sudo
sudo: setresuid(ROOT_UID, 1, ROOT_UID): Operation not permitted

So I tried to go in as root and fix the context like this:

Login on the console as root:

[root system ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 22
Policy from config file:        targeted

[root system ~]# setenforce 0
[root system ~]# semanage login -l

Login Name                SELinux User              MLS/MCS Range            

__default__               unconfined_u              s0                       
root                      root                      s0-s0:c0.c1023           
system_u                  system_u                  s0-s0:c0.c1023           

[root system ~]# semanage login -m -s unconfined_u root
libsemanage.validate_handler: selinux user unconfined_u does not exist (No such file or directory).
libsemanage.validate_handler: seuser mapping [root -> (unconfined_u, s0-s0:c0.c1023)] is invalid (No such file or directory).
libsemanage.dbase_llist_iterate: could not iterate over records (No such file or directory).
/usr/sbin/semanage: Could not modify login mapping for root

[root system ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   permissive
Mode from config file:          enforcing
Policy version:                 22
Policy from config file:        targeted

[root system ~]# setenforce 1
[root system ~]# exit

But it didn't work as you can see.  I'm running these versions:

kernel-2.6.25.4-30.fc9.x86_64
selinux-policy-targeted-3.3.1-64.fc9.noarch

Can someone please help?

Thanks.

Follow-Ups:
- Re: F9: su and sudo don't work as user
  - From: Stephen Smalley

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]