Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 162746 - yppasswdd won't set/update passwords when SELinux is enabled
Summary: yppasswdd won't set/update passwords when SELinux is enabled
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 4
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Russell Coker
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2005-07-08 08:20 UTC by Tony Molloy
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version: 1.27.1-2.3
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2006-03-21 01:07:35 UTC

Attachments (Terms of Use)

Description Tony Molloy 2005-07-08 08:20:55 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050524 Fedora/1.0.4-4 Firefox/1.0.4

Description of problem:
I'm trying to get NIS working. ypwhich, ypcat, ypmatch work OK.

However yppasswd will not set or update user passwords when SELinux is enabled with targeted policy. It works fine when SELinux is disabled.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.Set up NIS with ypinit, NIS files in /var/yp/ypsrc
2.Test ypwhich ypcat
3.Try to update NIS passwords with yppasswd

Actual Results:  
In /var/log/messages ( edited )

beta rpc.yppasswdd[1778]: update testacc1 (uid=9001) from host failed
beta rpc.yppasswdd[1778]: password file locked

In /var/log/audit/audit.log

type=PATH msg=audit(1120732794.982:341722): item=0 name="/etc/.pwd.lock" flags=310  inode=62249 dev=03:01 mode=040755 ouid=0 ogid=0 rdev=00:00
type=Unknown msg=audit(1120732794.982:341722):  cwd="/"
type=SYSCALL msg=audit(1120732794.982:341722): arch=40000003 syscall=5 success=no exit=-13 a0=acf181 a1=41 a2=180 a3=ffffffff items=1 pid=1778 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="rpc.yppasswdd" exe="/usr/sbin/rpc.yppasswdd"
type=AVC msg=audit(1120732794.982:341722): avc:  denied  { write } for  pid=1778 comm="rpc.yppasswdd" name=".pwd.lock" dev=hda1 ino=62391 scontext=system_u:system_r:rpcd_t tcontext=system_u:object_r:shadow_t tclass=file

Expected Results:  
yppasswd should update the passwords

Additional info:

Comment 1 Daniel Walsh 2005-09-27 19:43:51 UTC
Fixed in selinux-policy-targeted-1.27.1-2.3

Note You need to log in before you can comment on or make changes to this bug.