Gentoo Archives: gentoo-security

From: Chris PeBenito <pebenito@g.o>
To: fisch <fisch@××××××××××××.de>
Cc: gentoo-security@l.g.o
Subject: Re: [gentoo-security] SELinux and user-crontab
Date: Wed, 14 Jan 2004 19:20:52
Message-Id: 1074107993.5176.24.camel@chris.pebenito.net
In Reply to: [gentoo-security] SELinux and user-crontab by fisch
On Wed, 2004-01-14 at 06:54, fisch wrote:
> and added the user bob to the staff role, to allow login via ssh
> user bob roles { staff_r }; -> in /etc/security/selinux/src/policy/users
> ok, that works.

Normal users should be user_r. If they're going to be able to use
sysadm_r, they should be staff_r instead of user_r.

> I have two problems:
> a) after reboot, user bob can't login via ssh until I do a "rlpkg
> openssh"

There are two things that need to happen for sshd to work right. The
binary has to be labeled correctly, which should have been taken care of
by rlpkg. Then either you have it automatically start up at boot, or
manually start it using run_init. If sshd isn't in the right context,
then people will not be able to log in.

> b) user bob can't create a crontab for themself
> what I have to do?

Not sure about this one. I can reproduce this, so I'll investigate
further.

--
Chris PeBenito
<pebenito@g.o>
Developer,
Hardened Gentoo Linux
Embedded Gentoo Linux

Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243
