-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 05/08/2013 11:23 AM, John Emrich wrote: > Hello, > > Running Fedora-18. When executing the newrole command I consistently get > the same error message "incorrect password for xyzuser". I have su'd to > root. Everything appears valid. Below is a snippet from a terminal session > that demonstrates the error message. I receive the same error regardless > whether I am in enforcement mode or not. Any suggestions as to the cause? > > > [root@localhost xyzuser]# newrole -r system_r -t sysadm_t Password: > newrole: incorrect password for xyzuser Error sending audit message. > [root@localhost xyzuser]# semanage user -l > > Labeling MLS/ MLS/ SELinux User Prefix MCS Level MCS Range > SELinux Roles > > ... deleted lines ... root user s0 s0-s0:c0.c1023 > staff_r sysadm_r system_r unconfined_r staff_u user s0 > s0-s0:c0.c1023 staff_r sysadm_r system_r unconfined_r > sysadm_u user s0 s0-s0:c0.c1023 > sysadm_r system_u user s0 s0-s0:c0.c1023 > system_r unconfined_r unconfined_u user s0 s0-s0:c0.c1023 > system_r unconfined_r ... deleted lines ... [root@localhost xyzuser]# id > -Z unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 > > > > Thank You John Emrich > > > > -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux > I think we had a capability bug. Just add pam_rootok to /etc/pam.d/newrole and it should work better for you. I prefer to use sudo for transitioning my user role. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlGKcWUACgkQrlYvE4MpobPdsgCgyxTvROuzdPk4vvsXqcuiBqQ/ ddsAnRhxQ/kPOatbpjJQ7ThodyO3b7mU =82Xe -----END PGP SIGNATURE----- -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
