Hi All,<br><br> I am using CentOS-5 x86_64, I have followed what u have sent the steps.<br> But still i am getting same user login problem. I am not able to login <br> user properly in system. <br>
<br> These are i have followed the steps. <br><br> 1. Create a source policy module:- <br> <br> #cd /home/prakash<br> #vi prakash.te<br> policy_module(prakash, 0.0.1)<br> role prakash_r;<br>
userdom_unpriv_user_template(prakash);<br> <br> 2. Build the source policy module:<br><br><div class="Ih2E3d"> #make -f /usr/share/selinux/devel/Makefile<br>
<br>
</div><div class="Ih2E3d"> 3. Install the binary policy module:<br>
<br>
</div> #semodule -i prakash.pp<br><br> 4. Create default contexts for prakash:<br> <br> #cd /etc/selinux/targeted/contexts/users<br> #vi prakash<br> system_r:system_local_login_t:s0 prakash_r:prakash_t:s0<br>
system_r:remote_login_t:s0 prakash_r:prakash_t:s0<br> system_r:sshd_t:s0 prakash_r:prakash_t:s0<br> system_r:crond_t:s0 prakash_r:prakash_t:s0 <br>
system_r:xdm_t:s0 prakash_r:prakash_t:s0<br> prakash_r:prakash_su_t:s0 prakash_r:prakash_t:s0<br> prakash_r:prakash_sudo_t:s0 prakash_r:prakash_t:s0<br>
system_r:initrc_su_t:s0 prakash_r:prakash_t:s0<br> prakash_r:prakash_t:s0 prakash_r:prakash_t:s0<br><br>5. Create a SELinux user mapping for prakash:<br><div class="Ih2E3d">
<br> #semanage user -a -L s0 -r s0-s0 -R "prakash_r" -P user prakash<br>
<br>
6. Add new prakash user for user1:<br>
<br> #useradd -Z prakash user1<br><br>7. when i will try to login in the system, will get permission denied message.<br><br>gtt login: user1<br>password: XXXXXX<br><br> -bash: /home/user1/.bash_profile: Permission denied<br>
-bash-3.1$<span style="color: rgb(255, 0, 0);">id </span><br>uid=524(user1) gid=525(user1) groups=525(user1) context=prakash:prakash_r:prakash_t<br><br> I tryed to one more user then all so i got same problem. I am not sure what i did the mistakes, Please help me what i have to do. <br>
<br>Thanks,<br>Prakash, k, h.<br></div><br><div class="gmail_quote">On Wed, Feb 25, 2009 at 9:17 PM, Daniel J Walsh <span dir="ltr"><<a href="mailto:dwalsh@redhat.com">dwalsh@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA1<br>
<div><div></div><div class="Wj3C7c"><br>
prakash hallalli wrote:<br>
> Hi All,<br>
><br>
> I have created 'myuser' user and created custom module policy for<br>
> user.<br>
> I have installed successfully module, but when i logging myuser in<br>
> i will get bash prompt.<br>
><br>
> I have followed as below steps for creating module.<br>
><br>
> #vi myuser.te<br>
> policy_module(myuser, 0.0.1)<br>
> role myuser_r;<br>
> userdom_unpriv_user_templete(myuser)<br>
><br>
> #make -f /usr/share/selinux/devel/Makefile<br>
> #sudo semodule i myuser.pp<br>
> #semanage user a L s0 r s0s0 L "myuser1_r" P user myuser1<br>
> #useradd Z myuser1 myuser1<br>
><br>
> I did all the step when i try login in system following error will display.<br>
><br>
> gtt login: myuser<br>
> password: XXXXXX<br>
><br>
> -bash: /home/myuser/.bash_profile: Permission denied<br>
> -bash-3.1$<br>
><br>
> Please give what should i have to do.<br>
><br>
> Thanks,<br>
> Prakash.<br>
><br>
><br>
><br>
</div></div>> ------------------------------------------------------------------------<br>
<div class="Ih2E3d">><br>
> --<br>
> fedora-selinux-list mailing list<br>
> <a href="mailto:fedora-selinux-list@redhat.com">fedora-selinux-list@redhat.com</a><br>
> <a href="https://www.redhat.com/mailman/listinfo/fedora-selinux-list" target="_blank">https://www.redhat.com/mailman/listinfo/fedora-selinux-list</a><br>
</div>Which OS and Version.<br>
<br>
Depending on the policy you might need to relabe the homedir to get the<br>
labels correct.<br>
<br>
restorecon -R -v /home<br>
<br>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v1.4.9 (GNU/Linux)<br>
Comment: Using GnuPG with Fedora - <a href="http://enigmail.mozdev.org" target="_blank">http://enigmail.mozdev.org</a><br>
<br>
iEYEARECAAYFAkmlaCEACgkQrlYvE4MpobMMqACgyOEwLuvH0xgp2I97QXOtNLEa<br>
YP4AnRe8ozJhduWstWubPIO3qxptGO8E<br>
=UjzM<br>
-----END PGP SIGNATURE-----<br>
</blockquote></div><br>