1 |
On 11/27/2011 10:38 AM, Sven Vermeulen wrote: |
2 |
> |
3 |
> Hi Stan, |
4 |
> |
5 |
> This isn't really the way it is meant to resolve. From your denials, I |
6 |
> gather that you were still running in staff_r role. You need to transition |
7 |
> to sysadm_r role first and then try to perform your administrative tasks. |
8 |
> |
9 |
> Wkr, |
10 |
> Sven Vermeulen |
11 |
Sven, |
12 |
|
13 |
Thanks for the tip. I was running in staff_r when I got the denials. I |
14 |
thought I read somewhere that staff was allowed to su, so never thought |
15 |
the difference of when I entered the newrole to be that significant. |
16 |
Anyway, I'll call newrole first but it still appears as though I need to |
17 |
keep the calls to pam_selinux out of the su file as it fails when they |
18 |
are in. Also pam_xauth doesn't appear as though it's able to play with |
19 |
selinux, at least not inside the su file. |
20 |
|
21 |
-- |
22 |
Stan & HD Tashi Grad 10/08 Edgewood, NM SWR |
23 |
PR - Cindy and Jenny - Sammamish, WA NWR |
24 |
http://www.cci.org |