Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 454579 - user cannot run "/bin/su"
Summary: user cannot run "/bin/su"
Keywords:
Status: CLOSED DUPLICATE of bug 454435
Alias: None
Product: Fedora
Classification: Fedora
Component: coreutils
Version: rawhide
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Ondrej Vasik
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-07-09 03:37 UTC by Jens Petersen
Modified: 2008-07-10 13:58 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-07-10 13:39:58 UTC


Attachments (Terms of Use)

Description Jens Petersen 2008-07-09 03:37:59 UTC
Description of problem:
It is not possible for normal users to run "su" now in rawhide.
Is that intentional?

Version-Release number of selected component (if applicable):
coreutils-6.12-5.fc10

How reproducible:
every time

Steps to Reproduce:
1. install rawhide
2. login in as regular user
3. run su in shell to become root
  
Actual results:
3. su not found:
-bash: su: command not found

Expected results:
3. su to run normally

Comment 1 Ondrej Vasik 2008-07-09 06:57:30 UTC
Thanks for report, it reminds me one similar bugzilla which was problem in
libuser/gdm(#441511). What does `type su` reports for that normal user(is /bin
in PATH)? what does `rpm -V coreutils` print? What runlevel are you using(I mean
does it occur even for runlevel 3 or only for 5?)? Does it occur even with
SELinux in permissive mode? Is this fresh install of rawhide or some upgrade
from F8/F9? Does it work if logged as root? Just trying to find out what went
wrong, as it works ok for me.

Comment 2 Jens Petersen 2008-07-09 08:15:54 UTC
(In reply to comment #1)
> libuser/gdm(#441511)

Yes it looks similar.

> What does `type su` reports for that normal user

-bash: type: su: not found

> (is /bin in PATH)?

sure

> what does `rpm -V coreutils` print?

$ rpm -V coreutils
missing    /bin/su (Permission denied)

# rpm -V coreutils
# ls -lZ /bin/su
-rwsr-xr-x  root root system_u:object_r:su_exec_t:s0   /bin/su

> What runlevel are you using (I mean does it occur even for runlevel 3 or only
for 5?)?

This was default, runlevel 5.   Yes with runlevel 3 too.

> Does it occur even with SELinux in permissive mode?

No that seems to workaround it. :)

> Is this fresh install of rawhide or some upgrade from F8/F9?

Yes a fresh install of today's (and recent) rawhide-i386.

> Does it work if logged as root?

Yes

Comment 3 Ondrej Vasik 2008-07-09 20:41:00 UTC
Thanks, seems to be reasonable to add Dan Walsh to cc, as it doesn't occur for
permissive. Are there any AVC messages in selinux log?

Comment 4 Jens Petersen 2008-07-10 05:21:10 UTC
I can't see any avc denials.

Comment 5 Daniel Walsh 2008-07-10 13:39:58 UTC
You updated to FC9 and the selinux-policy postinstall did not fire properly.

The following commands should fix the problem

# semanage user -a -S targeted -P user -R "unconfined_r system_r" -r
s0-s0:c0.c1023 unconfined_u 
# semanage login -m -S targeted  -s "unconfined_u" -r s0-s0:c0.c1023 __default__
# semanage login -m -S targeted  -s "unconfined_u" -r s0-s0:c0.c1023 root
# semanage user -a -S targeted  -P user -R guest_r guest_u
# semanage user -a -S targeted  -P user -R xguest_r xguest_u

You will need to log out and log back in.

Comment 6 Will Woods 2008-07-10 13:58:21 UTC
It's not intentional. The root cause of this is a bug installing the policy
files (see bug 454435).

Future installs of rawhide shouldn't have this problem, but if your system is
afflicted, Dan's workaround in Comment #5 will fix it.



*** This bug has been marked as a duplicate of 454435 ***


Note You need to log in before you can comment on or make changes to this bug.