SELinux and "su -"
This is a discussion on SELinux and "su -" within the Linux Administration forums, part of the Linux Forums category; When logging in via ssh, then su - to root user. I am in the wrong context. I stay in as ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
08-13-2004
|
|||
|
|||
SELinux and "su -"
When logging in via ssh, then su - to root user. I am in the wrong
context. I stay in as user_u:user_r:user_t rather than moving to root:staff_r:staff_t. I would figure that root would go into its default context then I would be allowed to newrole -r sysadm_r to handle sysadmin tasks. Instead, when trying to to newrole -r sysadm_r, I get the error user_u:sysadm_r:sysadm_t is an invalid context -- which I would expect since I am still user_u after su'ing over. Is there a way to get around this particular problem. I do not want to give user_u the ability to have a sysadm context. I would rather I could get the actual "root" context when I su over. Hope that made sense. I'm new to SELinux (on Gentoo FYI) and trying to get my head around the whole administration of it. TIA Ken 
|
|
08-15-2004
|
|||
|
|||
|
Re: SELinux and "su -"
Kenneth A Kauffman <kkauffman@headfog.com> wrote in message news:<LiaTc.3341$73.1413@lakeread04>...
> When logging in via ssh, then su - to root user. I am in the wrong > context. I stay in as user_u:user_r:user_t rather than moving to > root:staff_r:staff_t. I would figure that root would go into its > default context then I would be allowed to newrole -r sysadm_r to handle > sysadmin tasks. Instead, when trying to to newrole -r sysadm_r, I get > the error user_u:sysadm_r:sysadm_t is an invalid context -- which I > would expect since I am still user_u after su'ing over. Is there a way > to get around this particular problem. I do not want to give user_u the > ability to have a sysadm context. I would rather I could get the actual > "root" context when I su over. > > Hope that made sense. I'm new to SELinux (on Gentoo FYI) and trying to > get my head around the whole administration of it. > > TIA > > Ken Hiee Are using se linux config if yes then disable it. kunal
|
|
08-17-2004
|
|||
|
|||
|
Re: SELinux and "su -"
Jamie wrote:
> Kenneth A Kauffman <kkauffman@headfog.com> wrote in message > news:<LiaTc.3341$73.1413@lakeread04>... >> When logging in via ssh, then su - to root user. I am in the wrong >> context. I stay in as user_u:user_r:user_t rather than moving to >> root:staff_r:staff_t. I would figure that root would go into its >> default context then I would be allowed to newrole -r sysadm_r to >> handle sysadmin tasks. Instead, when trying to to newrole -r >> sysadm_r, I get the error user_u:sysadm_r:sysadm_t is an invalid >> context -- which I would expect since I am still user_u after su'ing >> over. Is there a way to get around this particular problem. I do >> not want to give user_u the ability to have a sysadm context. I >> would rather I could get the actual "root" context when I su over. >> >> Hope that made sense. I'm new to SELinux (on Gentoo FYI) and trying >> to get my head around the whole administration of it. >> >> TIA >> >> Ken > > > Hiee > Are using se linux config if yes then disable it. > kunal Huh? I'm TRYING to use a SELinux configuration. Anyway, I resolved the issue -- which can be found in the alt.os.linux.gentoo newsgroup. ken k
|
Linear Mode
