SELinux Mailing List

Re: Role questions

From: Artur M. Piwko <pipen_at_pu.kielce.pl>
Date: Thu, 23 Sep 2004 16:15:01 +0200


Artur M. Piwko wrote:
> 1. When I su - from myuser:staff_r:staff_t to root I'm still myuser,
> instead of root:staff_r:staff_t. What did I do wrong?

Still working on it.

Naturally users are defined in /etc/selinux/src/users.

user root roles { staff_r sysadm_r ifdef(`direct_sysadm_daemon', `system_r') };
user myuser roles { staff_r sysadm_r ifdef(`direct_sysadm_daemon', `system_r') };

> 2. How can one set up initial sysadm_r password? All I see is:
>
> # newrole -r sysadm_r
> Authenticating myuser.
> newrole: incorrect password for myser
>

I browsed newrole.c. The problem was PAM. This is what /etc/pam.d/newrole looked like after policycoreutils installation:

auth     required  /lib/security/$ISA/pam_stack.so service=system-auth
account  required  /lib/security/$ISA/pam_stack.so service=system-auth
password required  /lib/security/$ISA/pam_stack.so service=system-auth
session  required  /lib/security/$ISA/pam_stack.so service=system-auth
session  optional  /lib/security/$ISA/pam_xauth.so

None of the libs were present. Removing these lines helped. The same applies to /etc/pam.d/run_init.

-- 
Artur M. Piwko : AMP29-RIPE : ISPC:+48413496205 : jab:pipen@jabberpl.org
Akademia Swietokrzyska  ::  Uczelniane Centrum Informatyczne  ::  Kielce
PGP id:B969478F finger:35E6 E3A3 8120 F000 1375 5A1C 23A8 1A71 B969 478F
"Death is just life's way of telling you you've been fired"  --  unknown

Received on Thu 23 Sep 2004 - 10:12:35 EDT
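
A check for the failure described in the message above (a PAM service file that references modules absent from disk), as an added example that is not part of the original post or of policycoreutils. The `root`, `isa` and `default_dir` parameters are assumptions of this sketch; `isa` stands for whatever the local PAM build substitutes for `$ISA` (empty here).

```python
import os

# Constructed sample: the /etc/pam.d/newrole lines quoted in the message above.
SAMPLE_NEWROLE = """\
auth     required  /lib/security/$ISA/pam_stack.so service=system-auth
account  required  /lib/security/$ISA/pam_stack.so service=system-auth
password required  /lib/security/$ISA/pam_stack.so service=system-auth
session  required  /lib/security/$ISA/pam_stack.so service=system-auth
session  optional  /lib/security/$ISA/pam_xauth.so
"""

def referenced_modules(pam_text, isa="", default_dir="/lib/security"):
    """Return [(lineno, type, module_path)] for every module line in a pam.d file."""
    found = []
    for lineno, raw in enumerate(pam_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 3 or fields[0].startswith("@"):
            continue  # blank, comment, malformed, or @include directive
        idx = 1
        if fields[idx].startswith("["):
            # Bracketed control such as [success=1 default=ignore] may span fields.
            while idx < len(fields) and not fields[idx].endswith("]"):
                idx += 1
        idx += 1
        if idx >= len(fields):
            continue
        path = fields[idx].replace("$ISA", isa)
        if not os.path.isabs(path):
            path = os.path.join(default_dir, path)  # relative names use the module dir
        found.append((lineno, fields[0], os.path.normpath(path)))
    return found

def missing_modules(pam_text, root="/", isa="", default_dir="/lib/security"):
    """Return the module lines whose shared object does not exist under `root`."""
    missing = []
    for lineno, kind, path in referenced_modules(pam_text, isa, default_dir):
        if not os.path.isfile(os.path.join(root, path.lstrip("/"))):
            missing.append((lineno, kind, path))
    return missing

if __name__ == "__main__":
    # The two service files named in the message.
    for service in ("newrole", "run_init"):
        conf = os.path.join("/etc/pam.d", service)
        if os.path.isfile(conf):
            with open(conf) as fh:
                for lineno, kind, path in missing_modules(fh.read()):
                    print(f"{conf}:{lineno}: {kind} module not found: {path}")
```

Lines whose type is `auth` and whose control is `required` are the ones that make authentication fail outright when the module cannot be loaded, so those are the entries to review first.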
 

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009


National Security Agency / Central Security Service