Bug 595046 - Network and Selinux Management display error from System, Administration menu
Summary: Network and Selinux Management display error from System, Administration menu
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: usermode
Version: 12
Hardware: i686
OS: Linux
low
high
Target Milestone: ---
Assignee: Miloslav Trmač
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2010-05-23 04:09 UTC by dcpub
Modified: 2013-01-10 05:58 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-05-26 21:48:09 UTC


Attachments: gui error message (deleted), 2010-05-23 04:09 UTC, dcpub

Description dcpub 2010-05-23 04:09:56 UTC
Created attachment 415915
gui error message

Description of problem:
When running System, Administration, Network or SELinux Management, a gui screen appears that says Insufficient rights.  If run as root, they function fine.

Version-Release number of selected component (if applicable):
system-config-network vers: 1.6.0

How reproducible:
repeatable

Steps to Reproduce:
1. run either system-config-network or system-config-selinux
2.
3.
  
Actual results:
same as description

Expected results:


Additional info:
Occurred after recent updates.

Comment 1 Miloslav Trmač 2010-05-24 16:36:55 UTC
Thanks for your report.

Can you reproduce the problem at will?

This should be caused by one of the following:
* Your account information can not be retrieved (e.g. LDAP server unavailable)
* Your account has expired
* Your password has expired
Is any of these true?  For example, can you (su your_user_name) and authenticate correctly?

In any case, the error message will need to be more detailed in the future.

Comment 2 dcpub 2010-05-24 17:28:57 UTC
Yes, this can be duplicated at will.

Have no problem with user password.  None of the issues above apply but I will check again.  I will have to try the su my_user_name and get back to you.  Don't have the laptop with me right now.

As I said above, root login allows me to run both system-config-network and system-config-selinux with no issues.

I will try to get more detail when running it as my user from a terminal.

Comment 3 dcpub 2010-05-25 01:52:13 UTC
Ok, doing su my_user_name I get the following:

  userhelper must be setuid root

with either of the system-configs listed above.  This is the only message that appears.  This also happens with system-config-users.  I suspect that other system-config commands might do the same.

my_user_name account has not expired and has no expiration set.

Comment 4 Miloslav Trmač 2010-05-25 02:05:53 UTC
Thanks, that does explain the immediate cause of the error message.

Searching for the root cause, can you paste the output of:
- stat -Z /usr/sbin/userhelper 
- rpm -V usermode
- grep nosuid /proc/mounts 
please?

Perhaps also try running (restorecon -v /usr/sbin/userhelper) and if there is any output, can you paste it here as well, please?

Comment 5 dcpub 2010-05-26 00:21:45 UTC
Here are the outputs:

# stat -Z /usr/sbin/userhelper
stat: Kernel is not SELinux enabled
Try `stat --help' for more information.

# rpm -V usermode
.M.......    /usr/sbin/userhelper
.M.......  d /usr/share/doc/usermode-1.104/COPYING
.M.......  d /usr/share/doc/usermode-1.104/ChangeLog
.M.......  d /usr/share/doc/usermode-1.104/NEWS
.M.......  d /usr/share/doc/usermode-1.104/README
.M.......    /usr/share/locale/ar/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/as/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/ast/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/be/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/bg/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/bn/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/bn_IN/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/bs/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/ca/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/cs/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/cy/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/da/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/de/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/de_CH/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/el/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/en_GB/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/es/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/et/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/fa/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/fi/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/fr/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/gl/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/gu/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/he/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/hi/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/hr/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/hu/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/id/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/is/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/it/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/ja/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/ka/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/kn/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/ko/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/lv/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/mai/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/mk/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/ml/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/mr/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/ms/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/nb/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/nl/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/or/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/pa/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/pl/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/pt/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/pt_BR/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/ro/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/ru/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/si/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/sk/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/sl/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/sr/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/sr@latin/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/sv/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/ta/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/te/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/tg/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/tr/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/uk/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/vi/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/zh_CN/LC_MESSAGES/usermode.mo
.M.......    /usr/share/locale/zh_TW/LC_MESSAGES/usermode.mo
.M.......  d /usr/share/man/man8/consolehelper.8.gz
.M.......  d /usr/share/man/man8/userhelper.8.gz

# grep nosuid /proc/mounts
gvfs-fuse-daemon /home/david/.gvfs fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500 0 0

restorecon -v /usr/sbin/userhelper
   - no output

Comment 6 Miloslav Trmač 2010-05-26 13:32:53 UTC
.M.......    /usr/sbin/userhelper

You can check using (stat /usr/sbin/userhelper) or (ls -l /usr/sbin/userhelper) - the program is most likely not set-UID root.

Have you done this change explicitly?  If not, I don't think we'll be able to determine the cause; the output of (stat /usr/sbin/userhelper) might provide some clues, but ultimately we are left guessing - probably a runaway recursive chmod command or something similar.

You should be able to use (rpm --setperms userhelper) to restore the permissions of files contained in this package, and something similar for other packages, if any.
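
Added example (not part of the original thread and not usermode's own code): the three checks requested in Comment 4 and interpreted in Comment 6, written as shell functions that decode the `rpm -V` mode flag, test for a root-owned set-UID mode, and look for a `nosuid` mount over the file. The function names are this example's own, and the sample inputs are constructed from output quoted in this bug plus two hypothetical lines marked in the code.

```shell
#!/bin/sh
# Triage for "userhelper must be setuid root" (added example).

# Paths whose mode differs from the RPM database: second flag is "M".
# Reads `rpm -V <package>` output on stdin; assumes no spaces in paths.
rpm_mode_mismatches() {
    awk 'length($1) >= 8 && substr($1, 2, 1) == "M" { print $NF }'
}

# True when an octal mode (as printed by `stat -c %a`) carries the
# set-UID bit (04000) and the owner UID is 0.
is_setuid_root() {
    [ "$2" -eq 0 ] && [ $(( 0$1 & 04000 )) -ne 0 ]
}

# True when the mount holding path $1 has "nosuid", which makes the kernel
# ignore set-UID bits there. Reads /proc/mounts-format text on stdin.
on_nosuid_mount() {
    awk -v p="$1" '
        { mp = $2; pre = (mp == "/") ? "/" : mp "/" }
        (p == mp || index(p, pre) == 1) && length(mp) >= best {
            best = length(mp); opts = $4
        }
        END { exit !(("," opts ",") ~ /,nosuid,/) }'
}

# One verdict from all three checks.
# usage: diagnose PATH MODE UID RPM_V_TEXT MOUNTS_TEXT
diagnose() {
    if printf '%s\n' "$5" | on_nosuid_mount "$1"; then
        echo "nosuid-mount"
    elif is_setuid_root "$2" "$3"; then
        echo "ok"
    elif printf '%s\n' "$4" | rpm_mode_mismatches | grep -qxF -- "$1"; then
        echo "setuid-bit-lost-vs-rpmdb"
    else
        echo "not-setuid-and-rpm-agrees"
    fi
}

# Constructed samples: the userhelper lines and the gvfs mount line are
# copied from Comment 5; the /etc/example.conf line and the root mount
# line are hypothetical.
SAMPLE_RPM_V='.M.......    /usr/sbin/userhelper
.M.......  d /usr/share/man/man8/userhelper.8.gz
S.5....T.  c /etc/example.conf'
SAMPLE_MOUNTS='/dev/sda2 / ext4 rw,relatime 0 0
gvfs-fuse-daemon /home/david/.gvfs fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500 0 0'

diagnose /usr/sbin/userhelper 755 0 "$SAMPLE_RPM_V" "$SAMPLE_MOUNTS"
```

On a live system the inputs come from `rpm -V usermode`, `stat -c '%a %u' /usr/sbin/userhelper` and `/proc/mounts`. rpm's `--setperms` takes the name of the owning package, which for this file is usermode.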

Comment 7 dcpub 2010-05-26 14:54:35 UTC
Ok, ls -l on /usr/sbin/userhelper shows:

-rwxr-xr-x  1 root root 3416 2010-02-25 07:06 /usr/sbin/userhelper

stat as root displays the same message as above.  I did the setperms but of course it did not change anything.

selinux is disabled in enforcing mode.  I put it back into permissive mode and relabeled on reboot.

After reboot, I now get:

# stat -Z /usr/sbin/userhelper
  File: `/usr/sbin/userhelper'
  Size: 34176           Blocks: 72         IO Block: 4096   regular file
Device: 802h/2050d      Inode: 4055139     Links: 1     Device type: 0,0
Access: (0755/-rwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
   S_Context: system_u:object_r:userhelper_exec_t:s0
Access: 2010-05-26 10:52:34.000000000 -0400
Modify: 2010-02-25 07:06:54.000000000 -0500
Change: 2010-05-26 10:45:28.000000000 -0400

Comment 8 dcpub 2010-05-26 14:57:32 UTC
Also, still have insufficient rights message

Comment 9 Miloslav Trmač 2010-05-26 15:07:11 UTC
If setperms does not work, "chmod u+s /usr/sbin/userhelper" should.

Comment 10 dcpub 2010-05-26 16:27:06 UTC
Ok, chmod u+s fixed it.  Rights message is gone.

Thanks

Comment 11 Miloslav Trmač 2010-05-26 21:48:09 UTC
Thank you.

I'd love to know how the permissions got damaged - but I have no idea how, and usermode is most likely not involved.

Comment 12 dcpub 2010-05-26 23:49:10 UTC
Well the only activity on this laptop so far were updates, I had disabled selinux, and I compiled one program.  May never know.

