List Archive: gentoo-security
Headers:
To: Chris PeBenito <pebenito@g.o>
From: fisch <fisch@...>
Subject: Re: SELinux and user-crontab
Date: Thu, 15 Jan 2004 12:25:34 +0100
On Wed, 2004-01-14 at 20:19, Chris PeBenito wrote:
> On Wed, 2004-01-14 at 06:54, fisch wrote: 
> > and added the user bob to the staff role, to allow login via ssh
> > user bob roles { staff_r }; -> in /etc/security/selinux/src/policy/users
> > ok, that works.
> 
> Normal users should be user_r.  If they're going to be able to use
> sysadm_r, they should be staff_r instead of user_r.
> 
> > I have two problems:
> > a) after reboot, user bob can't login via ssh until I do a "rlpkg
> > openssh"
> 
> There's two things that need to happen for sshd to work right.  The
> binary has to be labeled correctly, which should have been taken care of
> by rlpkg. 

ok - that's done

>  Then either you have it automatically start up at boot, or
> manually start it using run_init.  If sshd isn't in the right context,
> then people will not be able to log in.

I start ssh at boot (rc-update add sshd default) - is that the problem?

> > b) user bob can't create a crontab for themself
> > what do I have to do?
> 
> Not sure about this one.  I can reproduce this, so I'll investigate
> further.

my /usr/bin/crontab:
-rwsr-x---  root     cron     system_u:object_r:crontab_exec_t crontab

my user bob:
uid=1001(bob) gid=408(cms) groups=408(cms),100(users)
context=bob:user_r:user_t

my /etc/security/selinux/src/policy/users:
user system_u roles system_r;
user user_u roles user_r;
user root roles { staff_r sysadm_r portage_r };
user bob roles { user_r };

is there a cron-role which I can add to user bob?

bye
fisch

-- 
fisch <fisch@...>


--
gentoo-security@g.o mailing list
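
An added example, not part of the original message or of the Gentoo policy sources: a small parser for the `users` file syntax quoted above that flags entries breaking the rule stated in the reply (an account that can use sysadm_r should be staff_r instead of user_r). The `alice` entry and the function names are hypothetical, and treating `#` as a comment marker is an assumption about the file.

```python
import re

# Constructed sample: the users file quoted in the message, plus one
# hypothetical entry ("alice") that breaks the rule so the check has a hit.
SAMPLE_USERS = """\
user system_u roles system_r;
user user_u roles user_r;
user root roles { staff_r sysadm_r portage_r };
user bob roles { user_r };
user alice roles { user_r sysadm_r };
"""

# Matches both forms seen in the message: "roles user_r;" and "roles { a b };"
USER_STMT = re.compile(
    r"^\s*user\s+(\S+)\s+roles\s+(?:\{([^}]*)\}|(\S+?))\s*;", re.M)


def parse_users(text):
    """Return {selinux_user: set(roles)} parsed from 'users' file text."""
    text = re.sub(r"#.*", "", text)  # assumption: '#' starts a comment
    users = {}
    for m in USER_STMT.finditer(text):
        roles = m.group(2).split() if m.group(2) is not None else [m.group(3)]
        users.setdefault(m.group(1), set()).update(roles)
    return users


def check_roles(users):
    """Flag users whose role set contradicts the staff_r/sysadm_r advice."""
    findings = []
    for name, roles in sorted(users.items()):
        if "sysadm_r" in roles and "staff_r" not in roles:
            findings.append((name, "has sysadm_r without staff_r"))
        if "sysadm_r" in roles and "user_r" in roles:
            findings.append((name, "has sysadm_r together with user_r"))
    return findings


if __name__ == "__main__":
    for user, problem in check_roles(parse_users(SAMPLE_USERS)):
        print(f"{user}: {problem}")
```
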

Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Copyright 2001-2013 Gentoo Foundation, Inc.