On Thu, 2004-04-01 at 17:15, murphy pope wrote:
> How can I create a new Linux user account such that the home directory
> is assigned the proper context?
>
> I want to create a new user (fred).
> I want fred's home directory to be located in the default location
> (/home/fred).
> And I want the context for /home/fred to be:
> fred:user_r:user_home_dir_t.
>
> useradd doesn't work. It seems to have two problems:
> 1) If my context (when I run useradd fred) is
> root:staff_r:staff_t, useradd sets the home directory to
> root:object_r:home_root_t.

Basically don't run useradd (or do anything that in typical Linux/Unix requires "root") as staff_r. It's the looseness of the FC2 policy that lets it even halfway work.

> 2) If my context is root:sysadm_r:sysadm_t, useradd sets the
> home directory to root:object_r:user_home_dir_t
>
> Item 1 seems like a bug - why would it choose :home_root_t instead of
> :user_home_dir_t?
> In either case, the identity is wrong.

The identity isn't really wrong in 2. Sure, the SELinux user identity component of the security context is "root", but that won't matter in this case, since the user can't relabel their home directory anyways.

> 1) Why is this so bloody difficult? Can you really expect the average
> user/administrator to deal with problems like this?

We're working on a solution.

> 2) How can I create a new user whose home directory is assigned the
> proper identity?

Become root/sysadm_r, and run useradd.

> 3) How can I get a list of valid identities?

By identity I'm assuming you mean security context; you could egrep for '^type ' in policy.conf I guess...

> 4) Can I add identities with a simple command (i.e. without
> recompiling the policy)?

No.