1 |
Ok. I modified pam auth_system, and here is a workaround/solution for su |
2 |
problem. |
3 |
|
4 |
/etc/pam.d/system_auth |
5 |
+ session required»/lib/security/pam_selinux.so |
6 |
|
7 |
Though each time I su, I have to reenter my role and type. (staff_r, staff_t) |
8 |
Is there a better solution? |
9 |
|
10 |
Emre |
11 |
|
12 |
|
13 |
On Wednesday 26 May 2004 03:13 pm, nixnut wrote: |
14 |
> >On Wed, 2004-05-26 at 10:33, Emre wrote: |
15 |
> >>1. After I su to root and try /etc/init.d/xxx restart, I get: |
16 |
> >> |
17 |
> >>cannot find your entry in the passwd file. |
18 |
> >>authentication failed. |
19 |
> >> |
20 |
> >>But if I login from console, then it works ok. I made sure I installed |
21 |
> >> selinux version of required packages. |
22 |
> > |
23 |
> >You probably aren't using a selinux-enabled display manager, so when you |
24 |
> >log in to X, your identity is not set. GDM is the only one for sure |
25 |
> >thats in portage. KDM supposedly works with pam_selinux, and XDM and |
26 |
> >WDM might have upstream support, but I'm not sure. |
27 |
> |
28 |
> It is not an X problem. Starting a service like /etc/init.d/net.eth0 ask |
29 |
> for authentification. When starting this as root, I enter the root |
30 |
> password and the service gets started. If I login as ordinary user, then |
31 |
> su and then try to start the service I get the same error Emre mentions. |
32 |
> I can't find anything on this googling or searching the gentoo forums. |
33 |
> |
34 |
> regards, |
35 |
> nixnut |
36 |
> |
37 |
> -- |
38 |
> gentoo-hardened@g.o mailing list |
39 |
|
40 |
-- |
41 |
gentoo-hardened@g.o mailing list |