Gentoo Archives: gentoo-security

From: Chris PeBenito <pebenito@g.o>
To: fisch <fisch@××××××××××××.de>
Cc: gentoo-security@l.g.o
Subject: Re: [gentoo-security] SELinux and user-crontab
Date: Wed, 14 Jan 2004 19:20:52
Message-Id: 1074107993.5176.24.camel@chris.pebenito.net
In Reply to: [gentoo-security] SELinux and user-crontab by fisch
On Wed, 2004-01-14 at 06:54, fisch wrote: 
> and added the user bob to the staff role, to allow login via ssh
> user bob roles { staff_r }; -> in /etc/security/selinux/src/policy/users
> ok, that works.
Normal users should be user_r. If they're going to be able to use sysadm_r, they should be staff_r instead of user_r.
> I have two problems:
> a) after reboot, user bob can't login via ssh until I do a "rlpkg
> openssh"
There are two things that need to happen for sshd to work right. The binary has to be labeled correctly, which should have been taken care of by rlpkg. Then either you have it automatically start up at boot, or manually start it using run_init. If sshd isn't in the right context, then people will not be able to log in.
> b) user bob can't create a crontab for themself
> what I have to do?
Not sure about this one. I can reproduce this, so I'll investigate further.
-- 
Chris PeBenito <pebenito@g.o>
Developer,
Hardened Gentoo Linux
Embedded Gentoo Linux
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243

Attachments

File name MIME type
signature.asc application/pgp-signature

Replies

Subject Author
Re: [gentoo-security] SELinux and user-crontab fisch <fisch@××××××××××××.de>