Did you use newrole to change roles to sysadm_r before trying su?

-Tad

> -----Original Message-----
> From: Bill McCarty [mailto:bmccarty@××××××.net]
> Sent: Monday, January 12, 2004 10:12 PM
> To: gentoo-hardened@l.g.o
> Subject: [gentoo-hardened] su command
>
> Hi all,
>
> I recently set up SELinux under Gentoo and find that SELinux is prohibiting
> ordinary users from running su. Is this intentional? Since I generally
> prohibit root logins via SSH, access to su is important to me; I cannot
> otherwise administer the system remotely.
>
> I'm using pam-0.77, which is the version that I understand to be
> SELinux-compliant. The users have context user_u:user_r:user_t and the su
> executable has context system_u:object_r:su_exec_t. Where else might I look
> for a possible error in my configuration?
>
> The possibility that makes me most anxious is that I may have too recent a
> version of some ebuild that should be security-aware. I find setting
> ACCEPT_KEYWORDS="~x86" a bit scary <g>. Is there a list of known good
> ebuild versions, or should I check the Changelog of each ebuild?
>
> Thanks for any suggestions!
>
> Cheers,
>
> ---------------------------------------------------
> Bill McCarty
>
> --
> gentoo-hardened@g.o mailing list