Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: fisch <fisch@...>
From: Chris PeBenito <pebenito@g.o>
Subject: Re: SELinux and user-crontab
Date: Wed, 14 Jan 2004 13:19:54 -0600
On Wed, 2004-01-14 at 06:54, fisch wrote: 
> and added the user bob to the staff role, to allow login vi ssh
> user bob roles { staff_r }; -> in /etc/security/selinux/src/policy/users
> ok, that works.

Normal users should be user_r.  If they're going to be able to use
sysadm_r, they should be staff_r instead of user_r.

> I have two problems:
> a) after reboot, user bob can't login via ssh until I do a "rlpkg
> openssh"

Theres two things that need to happend for sshd to work right.  The
binary has to be labeled correctly, which should have been taken care of
by rlpkg.  Then either you have it automatically start up at boot, or
manually start it using run_init.  If sshd isn't in the right context,
then people will not be able to log in.

> b) user bob can't create a crontab for themself
> what I have to do?

Not sure about this one.  I can reproduce this, so I'll investigate
further.

-- 
Chris PeBenito
<pebenito@g.o>
Developer,
Hardened Gentoo Linux
Embedded Gentoo Linux
 
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A  CB00 BC8E E42D E6AF 9243
Attachment:
signature.asc (This is a digitally signed message part)
Replies:
Re: SELinux and user-crontab
-- fisch
References:
SELinux and user-crontab
-- fisch
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
SELinux and user-crontab
Next by thread:
Re: SELinux and user-crontab
Previous by date:
Re: Changes to traceroute in newest release
Next by date:
RE: SELinux and user-crontab


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.