On Wed, 2004-01-14 at 20:19, Chris PeBenito wrote:
> On Wed, 2004-01-14 at 06:54, fisch wrote:
> > and added the user bob to the staff role, to allow login via ssh
> > user bob roles { staff_r }; -> in /etc/security/selinux/src/policy/users
> > ok, that works.
>
> Normal users should be user_r. If they're going to be able to use
> sysadm_r, they should be staff_r instead of user_r.
>
> > I have two problems:
> > a) after reboot, user bob can't login via ssh until I do a "rlpkg
> > openssh"
>
> There are two things that need to happen for sshd to work right. The
> binary has to be labeled correctly, which should have been taken care of
> by rlpkg.

ok - that's done

> Then either you have it automatically start up at boot, or
> manually start it using run_init. If sshd isn't in the right context,
> then people will not be able to log in.

I start ssh at boot (rc-update add sshd default) - is that the problem?

> > b) user bob can't create a crontab for themself
> > what do I have to do?
>
> Not sure about this one. I can reproduce this, so I'll investigate
> further.

my /usr/bin/crontab:
-rwsr-x--- root cron system_u:object_r:crontab_exec_t crontab

my user bob:
uid=1001(bob) gid=408(cms) groups=408(cms),100(users)
context=bob:user_r:user_t

my /etc/security/selinux/src/policy/users:
user system_u roles system_r;
user user_u roles user_r;
user root roles { staff_r sysadm_r portage_r };
user bob roles { user_r };

is there a cron-role which I can add to user bob?

bye
fisch

--
fisch <fisch@××××××××××××.de>


--
gentoo-security@g.o mailing list