List Archive: gentoo-security
On Wed, 2004-01-14 at 20:19, Chris PeBenito wrote:
> On Wed, 2004-01-14 at 06:54, fisch wrote:
> > and added the user bob to the staff role, to allow login via ssh
> > user bob roles { staff_r }; -> in /etc/security/selinux/src/policy/users
> > ok, that works.
>
> Normal users should be user_r. If they're going to be able to use
> sysadm_r, they should be staff_r instead of user_r.
>
> > I have two problems:
> > a) after reboot, user bob can't login via ssh until I do a "rlpkg
> > openssh"
>
> There's two things that need to happen for sshd to work right. The
> binary has to be labeled correctly, which should have been taken care of
> by rlpkg.
ok - that's done
> Then either you have it automatically start up at boot, or
> manually start it using run_init. If sshd isn't in the right context,
> then people will not be able to log in.
I start ssh at boot (rc-update add sshd default) - is that the problem?
> > b) user bob can't create a crontab for themself
> > what do I have to do?
>
> Not sure about this one. I can reproduce this, so I'll investigate
> further.
my /usr/bin/crontab:
-rwsr-x--- root cron system_u:object_r:crontab_exec_t crontab
my user bob:
uid=1001(bob) gid=408(cms) groups=408(cms),100(users)
context=bob:user_r:user_t
my /etc/security/selinux/src/policy/users:
user system_u roles system_r;
user user_u roles user_r;
user root roles { staff_r sysadm_r portage_r };
user bob roles { user_r };
is there a cron-role which I can add to user bob?
bye
fisch
--
fisch <fisch@...>
--
gentoo-security@g.o mailing list