Fwd: SELinux user login problem
Daniel J Walsh
dwalsh at redhat.com
Fri Feb 27 19:06:53 UTC 2009
prakash hallalli wrote:
> Hi All,
>
> I am using CentOS-5 x86_64, and I have followed the steps you sent.
> But I am still getting the same user login problem. I am not able to
> log the user in properly on the system.
>
> These are the steps I have followed.
>
> 1. Create a source policy module:-
>
> #cd /home/prakash
> #vi prakash.te
> policy_module(prakash, 0.0.1)
> role prakash_r;
> userdom_unpriv_user_template(prakash);
>
> 2. Build the source policy module:
>
> #make -f /usr/share/selinux/devel/Makefile
>
> 3. Install the binary policy module:
>
> #semodule -i prakash.pp
>
> 4. Create default contexts for prakash:
>
> #cd /etc/selinux/targeted/contexts/users
> #vi prakash
> system_r:system_local_login_t:s0 prakash_r:prakash_t:s0
> system_r:remote_login_t:s0 prakash_r:prakash_t:s0
> system_r:sshd_t:s0 prakash_r:prakash_t:s0
> system_r:crond_t:s0 prakash_r:prakash_t:s0
> system_r:xdm_t:s0 prakash_r:prakash_t:s0
> prakash_r:prakash_su_t:s0 prakash_r:prakash_t:s0
> prakash_r:prakash_sudo_t:s0 prakash_r:prakash_t:s0
> system_r:initrc_su_t:s0 prakash_r:prakash_t:s0
> prakash_r:prakash_t:s0 prakash_r:prakash_t:s0
>
> 5. Create a SELinux user mapping for prakash:
>
> #semanage user -a -L s0 -r s0-s0 -R "prakash_r" -P user prakash
>
> 6. Add new prakash user for user1:
>
> #useradd -Z prakash user1
>
> 7. When I try to log in to the system, I get a permission denied
> message.
>
> gtt login: user1
> password: XXXXXX
>
> -bash: /home/user1/.bash_profile: Permission denied
> -bash-3.1$id
> uid=524(user1) gid=525(user1) groups=525(user1)
> context=prakash:prakash_r:prakash_t
>
> I tried with one more user, and then also I got the same problem. I am
> not sure what mistake I made. Please help me with what I have to do.
>
> Thanks,
> Prakash, k, h.
>
> On Wed, Feb 25, 2009 at 9:17 PM, Daniel J Walsh <dwalsh at redhat.com> wrote:
>
> prakash hallalli wrote:
>>>> Hi All,
>>>>
>>>> I have created 'myuser' user and created custom module policy for
>>>> user.
>>>> I have installed the module successfully, but when I log myuser in
>>>> I get a bash prompt.
>>>>
>>>> I have followed the steps below for creating the module.
>>>>
>>>> #vi myuser.te
>>>> policy_module(myuser, 0.0.1)
>>>> role myuser_r;
>>>> userdom_unpriv_user_templete(myuser)
>>>>
>>>> #make -f /usr/share/selinux/devel/Makefile
>>>> #sudo semodule -i myuser.pp
>>>> #semanage user -a -L s0 -r s0-s0 -L "myuser1_r" -P user myuser1
>>>> #useradd -Z myuser1 myuser1
>>>>
>>>> I did all the steps; when I try to log in to the system, the
>>>> following error is displayed.
>>>> gtt login: myuser
>>>> password: XXXXXX
>>>>
>>>> -bash: /home/myuser/.bash_profile: Permission denied
>>>> -bash-3.1$
>>>>
>>>> Please tell me what I should do.
>>>>
>>>> Thanks,
>>>> Prakash.
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------------
>>>>
>>>> --
>>>> fedora-selinux-list mailing list
>>>> fedora-selinux-list at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> Which OS and version?
>
> Depending on the policy you might need to relabel the homedir to get the
> labels correct.
>
> restorecon -R -v /home
>
Please attach the AVC messages from /var/log/audit/audit.log.
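
Added example (not part of the original thread): a small Python summary of the AVC denials requested above, grouped by target type, class and permission for the `prakash_t` domain. The log lines are constructed for illustration, and the `user_home_t` target label in them is an assumption, not output from the poster's system.

```python
import re
from collections import Counter

# Constructed sample lines in audit.log AVC format; NOT taken from the poster's system.
SAMPLE_LOG = '''\
type=AVC msg=audit(1235761500.101:310): avc:  denied  { read } for  pid=4021 comm="bash" name=".bash_profile" dev=dm-0 ino=98311 scontext=prakash:prakash_r:prakash_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1235761500.101:310): arch=c000003e syscall=2 success=no exit=-13 comm="bash" exe="/bin/bash"
type=AVC msg=audit(1235761500.140:311): avc:  denied  { read } for  pid=4021 comm="bash" name=".bash_profile" dev=dm-0 ino=98311 scontext=prakash:prakash_r:prakash_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1235761502.007:312): avc:  denied  { write } for  pid=4021 comm="bash" name=".bash_history" dev=dm-0 ino=98312 scontext=prakash:prakash_r:prakash_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1235761400.000:300): avc:  granted  { setenforce } for  pid=1 comm="init" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_denials(log_text):
    """Return one dict per 'avc: denied' record; other record types are skipped."""
    denials = []
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('rest'))}
        fields['perms'] = m.group('perms').split()
        denials.append(fields)
    return denials

def summarize(denials, source_type):
    """Count denials for one source domain, keyed by (target type, class, perm, name)."""
    counts = Counter()
    for d in denials:
        # Context layout is user:role:type[:level]; index 2 is the type.
        if d['scontext'].split(':')[2] != source_type:
            continue
        ttype = d['tcontext'].split(':')[2]
        for perm in d['perms']:
            counts[(ttype, d['tclass'], perm, d.get('name', '?'))] += 1
    return counts

if __name__ == '__main__':
    for key, n in sorted(summarize(parse_denials(SAMPLE_LOG), 'prakash_t').items()):
        print('%dx prakash_t -> %s:%s { %s } name=%s' % ((n,) + key))
```

On a real system, the input would be the contents of /var/log/audit/audit.log instead of `SAMPLE_LOG`; the target type reported for the home directory files shows whether relabeling with `restorecon -R -v /home` took effect.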