Su from an unprivileged account
Nic¤
nico33b at yahoo.fr
Fri Apr 16 09:08:27 UTC 2004
Hmm...
I turned off user_canbe_sysadm, I gave the user
user_test the role staff_r, and when I try
from the user_test shell with the context
user_test:user_r:user_t to transit to the
user_test:staff_r:staff_t :
[user_test at localhost user_test]$ newrole -t staff_t -r
staff_r
Authenticating user_test.
Password:
failed to exec shell
: Permission non accordée
Does anyone know why ?
Nico
--- Gene Czarcinski <gene at czarc.net> a écrit : > On
Thursday 15 April 2004 15:45, Daniel J Walsh
> wrote:
> > >Mmmm .. I wonder if it can be fine tuned enough
> so that a user could su to
> > >another regular user but not root or any user
> with sysadm_r capability?
> > > At the same time, a user with a sysadm_r
> capability could su to anyone.
> > >
> > >That might be an interesting capability to have.
> > >
> >
> > That is what staff_r is defined as. If you turn
> off user_canbe_sysadm,
> > you will end up with regular users who can't su
> and
> > staff users who can.
>
> Great! Well, that puts this message into my selinux
> "Goodinfo" folder.
>
> Gene
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
>
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
__________________________________________________________
Lèche-vitrine ou lèche-écran ?
magasinage.yahoo.ca
More information about the fedora-selinux-list
mailing list