Re: Fwd: SELinux user login problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

prakash hallalli wrote:
> Hi All,
> 
>         I am using CentOS-5 x86_64, I have followed what u have sent the
> steps.
>         But still i am getting same user login problem. I am not able to
> login
>         user properly in system.
> 
>       These are i have followed the steps.
> 
>      1. Create a source policy module:-
> 
>       #cd /home/prakash
>       #vi prakash.te
>         policy_module(prakash, 0.0.1)
>         role prakash_r;
>         userdom_unpriv_user_template(prakash);
> 
>        2. Build the source policy module:
> 
>         #make -f /usr/share/selinux/devel/Makefile
> 
>        3. Install the binary policy module:
> 
>        #semodule -i prakash.pp
> 
>      4. Create default contexts for prakash:
> 
>        #cd /etc/selinux/targeted/contexts/users
>        #vi prakash
>         system_r:system_local_login_t:s0   prakash_r:prakash_t:s0
>         system_r:remote_login_t:s0             prakash_r:prakash_t:s0
>         system_r:sshd_t:s0                          prakash_r:prakash_t:s0
>         system_r:crond_t:s0                         prakash_r:prakash_t:s0
>         system_r:xdm_t:s0                           prakash_r:prakash_t:s0
>         prakash_r:prakash_su_t:s0              prakash_r:prakash_t:s0
>         prakash_r:prakash_sudo_t:s0          prakash_r:prakash_t:s0
>         system_r:initrc_su_t:s0                     prakash_r:prakash_t:s0
>         prakash_r:prakash_t:s0                     prakash_r:prakash_t:s0
> 
> 5. Create a SELinux user mapping for prakash:
> 
>      #semanage user -a -L s0 -r s0-s0 -R "prakash_r" -P user prakash
> 
> 6. Add new prakash user for user1:
> 
>      #useradd -Z prakash user1
> 
> 7. when i will try to login in the system, will get permission denied
> message.
> 
> gtt login: user1
> password: XXXXXX
> 
>  -bash:  /home/user1/.bash_profile: Permission denied
> -bash-3.1$id
> uid=524(user1) gid=525(user1) groups=525(user1)
> context=prakash:prakash_r:prakash_t
> 
>   I tryed  to one more user then all so i got same problem. I am not sure
> what i did  the mistakes, Please help me what i have to do.
> 
> Thanks,
> Prakash, k, h.
> 
> On Wed, Feb 25, 2009 at 9:17 PM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
> 
> prakash hallalli wrote:
>>>> Hi All,
>>>>
>>>>        I have created 'myuser'  user and  created custom module policy
> for
>>>> user.
>>>>        I have installed successfully module, but when i logging myuser in
>>>>     i will get bash prompt.
>>>>
>>>>        I have followed  as below steps for creating module.
>>>>
>>>>    #vi myuser.te
>>>>                          policy_module(myuser, 0.0.1)
>>>>                          role myuser_r;
>>>>                          userdom_unpriv_user_templete(myuser)
>>>>
>>>> #make ­-f /usr/share/selinux/devel/Makefile
>>>> #sudo semodule ­i myuser.pp
>>>> #semanage user ­a ­L s0 ­r s0­s0 ­L "myuser1_r" ­P user myuser1
>>>> #useradd ­Z myuser1 myuser1
>>>>
>>>> I did all the step when i try login in system following error will
> display.
>>>> gtt login: myuser
>>>> password: XXXXXX
>>>>
>>>> -bash:  /home/myuser/.bash_profile: Permission denied
>>>> -bash-3.1$
>>>>
>>>> Please give what should i have to do.
>>>>
>>>> Thanks,
>>>> Prakash.
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------------
>>>>
>>>> --
>>>> fedora-selinux-list mailing list
>>>> fedora-selinux-list@xxxxxxxxxx
>>>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> Which OS and Version.
> 
> Depending on the policy you might need to relabe the homedir to get the
> labels correct.
> 
> restorecon -R -v /home
> 
>>

> ------------------------------------------------------------------------

> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Please attach the AVC messages from /var/log/audit/audit.log.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkmoOc0ACgkQrlYvE4MpobNI/QCeOM9/9g9s3qIEb/b+w5gdGF3e
VxYAnROI42+yd2xSycJJPqEVjovwMuVA
=zXsG
-----END PGP SIGNATURE-----

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux