Fedora :: 12 SELinux Context Not Updated When Changing User's Home Directory
Feb 15, 2010
I was setting up a Samba server and I ran into some problems with SELinux related to the context of the home directories. I made a user account, say "UserAccount", with a default home directory "home/UserAccount". Afterwards I realized that I needed to move the home directory of this particular user to another location, say "/home2/UserAccount". So I created the new directory, changed the permissions, and used Gnome's system-config-user to change the user's home directory.
I then set-up the Samba server, activated samba_run_unconfined and samba_enable_home_dirs in SELinux, and made an account for UserAccount. When testing the Samba account for UserAccount SELinux denied read access. I checked the context and the new home directory did not appeared to have been updated. I had to manually run:
restorecon -R -v /home2/UserAccount
to set the context on the new home directory. I'm not very familiar with SELinux, so my question is this: is this normal security policy or is a bug in the system-config-user tool? If it's normal policy can someone explain why? I'm always ready to learn Distro: Fedora 12 (kernel: 2.6.31.5-127.fc12.i686) System: Dual Intel Xeon @ 3.2 GHz, 1 GB RAM
View 4 Replies
ADVERTISEMENT
Feb 2, 2011
created a user but i forgot to change the home directory permission.so after user created when i go to the user and group mangement i cant see that permission filed related to the home permission directory.my purpose is to stop accessing other user to my home directory,how it can be possible??
View 4 Replies
View Related
Oct 20, 2010
I'm attempting to get MapServer running on my Fedora 13 computer. I was able to install with the package manager, and the executable (mapserv) was originally placed in /usr/sbin. But I need it in /var/www/cgi-bin to work on the webserver. So I copied the file to the right location. Unfortunately, it doesn't have the correct SELinux context. Here's the message from the troubleshooter:
SELinux denied access requested by /var/www/cgi-bin/mapserv. /var/www/cgi-bin/mapserv is mislabeled. /var/www/cgi-bin/mapserv default type is httpd_sys_script_exec_t, but its current type is httpd_sys_script_exec_t. Changing this file back to the default type, may fix your problem.
How's that for circular logic? Does anyone have an idea what the correct SELinux context for a cgi-bin executable might be?
View 3 Replies
View Related
Nov 21, 2010
I'm suspicious that the context of /etc/sudoers is wrong. During the last upgrade to Fedora 14, RPM dropped /etc/sudoers.rpmnew, which had a different context than the real sudoers file. But, when I try to get SELinux to relabel the file (using restorecon or fixfiles), it refuses to make a change.
> ls -lZ /etc/sudoers
-r--r-----. root root unconfined_u:object_r:etc_t:s0 /etc/sudoers
> matchpathcon /etc/sudoers
[code]....
View 5 Replies
View Related
Apr 13, 2010
I'm working with Fedora and SELinux and am having a problem. I need to allow apache's http daemon to use arp (for getting some mac addresses). I have changed the type of the arp executable to httpd_sys_context_t but am still having an issue. Here is the messages log: Detailed Description:
[Code]...
View 4 Replies
View Related
Apr 26, 2010
I receive messages such as the below:
SELinux is preventing /usr/sbin/httpd from using potentially mislabeled filesjk-runtime-status. SELinux has denied the httpd access to potentially mislabeled filesjk-runtime-status. This means that SELinux will not allow httpd to use these files. If httpd should be allowed this access to these files you should change the file context to one of the following types, httpd_tmp_t,
I know how to change the owner of a file and the permissions but what does it mean to change the file context?
View 3 Replies
View Related
May 14, 2009
I ran "yum update" and updated my new installation. Afterwards: my main application stopped running. It iis an xwindow app. I am trying to run it from a terminal on the gnome desktop. How can I back out my updates and which packages should I try to remove?
Controller screen Buffer depth 1
void PSLr: :resize (int size): 661
QPixmap: Invalid pixmap parameters
auxillary display font size: 8
[code]....
View 1 Replies
View Related
Oct 6, 2010
I'm running a Samba server (3.5.2-60.fc13) on Fedora 13 (64 bit). I want to share the user home directories and want to allow following of symlinks out of the share tree. So in smb.conf I used
unix extensions = no
wide links = yes
For SELinux I did:
setsebool -P samba_enable_home_dirs=1
getsebool -a | grep samba
samba_create_home_dirs --> off
samba_domain_controller --> off
[code]....
However I can't follow the symlinks when mounting my home directory on a Windows machine, unless I disable SeLinux.
View 5 Replies
View Related
Dec 15, 2010
I'm trying to restrict a particular ssh user to his home directory, I'm just giving him access so that he can ssh to another server that is only accessible from the former but restrict his movement so that he can't poke around the former.I already made some changes to sshd_config file and added the following line at the end:
Did some test, user joe can ssh to the server but unable to do anything aside from logging in, even a simple ls command will immediately close the putty session. I know I'm still missing something but don't really know what it is.I also tried this how to that uses rssh --> http://www.adamhawkins.net/2009/05/r...ured/#more-431 however when I login the session immediately closes.
View 5 Replies
View Related
May 12, 2011
I have added a new user by following command :
root# useradd -u 100 -g 120 -d /product -s /bin/bash sandesh
I am not able to access it in /export/home directory..?
View 1 Replies
View Related
Jan 6, 2010
I have a secondary disk which holds a /home directory structure from a previous install of Linux. I installed a new version on a new primary drive and mounted this secondary drive as the new /home. Problem is, even though the users are the same names and I can access the home directories for the users, I cannot login directly to their home directories, as I get the following error: -
Code:
login as: [me]
[me]@[machine]'s password:
Last login: Wed Jan 6 18:34:33 2010 from [machine]
Could not chdir to home directory /home/[me]: Permission denied
[[me]@[machine] /]$
Now, since the usernames are correct and the users are in the passwd file with the correct home directory paths, could it be user ID's that are different or something else? It's not as though I cannot access the home directories for the users, simply that I cannot log directly into them from a login prompt.
View 14 Replies
View Related
May 27, 2010
People usually suggest workarounds to do this, as it's not possible with usermod while the user is logged in. Did I overlook anything or is this method not preferable over creating a new account, setting the user permissions, then moving the files and messing with the file permissions? Using the right tool for the job would seem to be less error-prone to me. 1. Activate the root account by setting a password.
Code:
sudo passwd
2. Log out and log into the root account.
3. Change the username and home directory from user1 to user2. This will also move the files to the new home directory and rename the group to user2.
Code:
usermod -l user2 -d /home/user2 -m user1
[Code]...
View 3 Replies
View Related
Apr 7, 2011
I have a dual-boot win7 and Ubuntu 10.10 and I want Ubuntu to use my windows user folder as home. I edited fstab to give me ownership and mount it to /mnt/Windows at startup but whenever I change the location of home in the Users and Groups it acts like it is changing it but it never does. I close the settings and when I re-open it, it is set back to /home/me.
View 5 Replies
View Related
Jun 16, 2011
Do you think there is a way of accessing different user data from another account which I have set up.
Ie. user 1 = account has messed up
user 2 = account works fine
access user account 1 home directory from user 2 work space?
View 9 Replies
View Related
Jul 24, 2011
I need to change SELinux policy to permissive and then back to enforced for an installation. I understand that I should be able to do that through the SELinux Administration window accessed through System -> Administration ->SELinux Management. But I do not have any real sysadmin tools available in my Fedora 15 Gnome Gui interface. Am I missing something, or should I use some sort of similar command line tool to do this?
View 2 Replies
View Related
Mar 8, 2010
I'm developing an application in which one user must run java software that I'm compiling as another user. I wanted to give user A permission to see the bin direcory of my workspace, which is in the home directory of user B. I was wondering how can this be done? I gave the bin direcotry full read/execute premissions, but since it's in my home directory user A can't navigate to it.
I know there are a few ways I could get around the problem but they arn't very elegant. I was wondering if there is a simple method for giving a user access to a specific directory without giving access to all the parent directories. I tried symbolic link but user A still can't access it, and a hard link to a directory isn't allowed in Linux. I don't feel like making a hard link to every single file in the bin directory, and I'm not sure that would work anyways, since every recompile overwrites them.
View 7 Replies
View Related
May 12, 2011
i have rhel 5.2 and i want to create user using useradd command without creating user home directory and not throwing any warning/error about not creating any home directory.i have tried useradd -u "$NEW_UID" -g <gid> -d "/home/$1" -M "$1"where $1 is user name and $NEW_UID is i am calculating.it throws error as useradd: cannot create directory /home/$1which i dont want to come , how to prevent this?
View 1 Replies
View Related
Jan 30, 2011
I accidently reset the SELINUX context on the /var folder from "var_t" to user data. Now I cant go back and set it to "var_t" and i cant access my website anymore
View 3 Replies
View Related
Sep 13, 2010
What are the SElinux security context type & booleans in FTP/vsftpd
View 3 Replies
View Related
Jul 28, 2011
i'm new to linux and just installed Ubuntu and decided to play around with it. i just executed
Code: useradd test which supposedly creates a folder in the home directory '/home/test' but when i look in there i can't see it i also did a
Code: grep test /etc/passwd which returns: 'test:x:1001:1001::/home/test:/bin/sh' which i believe means it is meant to exist.
Addendum: I have also now noticed that when i log in and log back in i have the option to login as 'test' but it prompts me for a password which i did not set :s
View 5 Replies
View Related
Feb 1, 2009
I tried to download Knoppix 6.0 iso, but it ran out of storage space. It was placing it into /tmp. Is there a way that I could have it placed in my /home directory, which is plenty big?
edhe@hebrews:~$ df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda1 935M 256M 632M 29% /
tmpfs 470M 0 470M 0% /lib/init/rw
udev 10M 96K 10M 1% /dev
tmpfs 470M 0 470M 0% /dev/shm
/dev/sda9 356G 1.5G 337G 1% /home
/dev/sda8 373M 11M 343M 3% /tmp
/dev/sda5 4.6G 4.0G 383M 92% /usr
/dev/sda6 2.8G 341M 2.3G 13% /var
View 4 Replies
View Related
Apr 19, 2010
I try to install IPsec-Tools on Slackware 13, but I get an configure error: configure: error: Security Context requested, bu no selinux support! Aborting. I'm linux newbie and I'm following a slackware-basics tutorial, I did as in the tutorial, but the configure stops and aborts:
Code:
# CFLAGS="-O2 -march=i486 -mcpu=i686"
./configure --prefix=/usr
--sysconfdir=/etc
--localstatedir=/var
[Code]...
What can I do? How can I enable/install selinux support? I guess it's related with AH and ESP protocols, which in my kernel are defined as modules (m). If so, how can I enable them?
View 5 Replies
View Related
Mar 27, 2011
I couldn't able to change file permission of files residing under /media/* Under /media all the NTFS partitions are mounted manually (gnome GUI) using root password. File properties of file under those NTFS partition shows SELinux context is "fusefs_t". I guess this is prevention from changing permission of file. How can I over come this?
View 9 Replies
View Related
Jul 11, 2010
I wonder if SELinux really are necessary for a home desktop ?
It only makes my computer use more problematic than it already is.
What can happend if I uninstall it on my Fedora 13 dist ?
Is the hole Internet going to come in to my computer and destroy it ?
If I uninstall SELinux, is the firewall uninstalled also ?
View 14 Replies
View Related
Jul 4, 2009
I would like to change the start directory, the directory at which ftp/shell points to when the user logs in.
View 1 Replies
View Related
Mar 2, 2011
Basically I'm trying to create a bash script that'll ask for a folder name and then change into that folder.
Code:
Not real code but bare with me!
echo "Enter the desired folder and press [ENTER]
read $folder
cd $folder
pwd
/home/<user name>/<whatever the user entered>
Is this possible with bash or am I chasing a pipe dream?
View 1 Replies
View Related
Aug 31, 2011
Xguest uses namespace.d/xguest.conf.
[code]...
root user won't be able to read the "active" xguest home directory (ll /home/xguest will only show an almost empty folder with content from /etc/skel). How can a root user list the folder of an the xguest home directory (while xguest is logged in)?
View 9 Replies
View Related
Jan 16, 2011
iam learning to setup a NFS server with fedora14. I have gone through couple of materials for this topic. I have a doubt. Say if i have user1 till user5 on my NFS server with their home directory under the /home and the /home directory is shared. If user1 logs into a client machine then will he be able to see home folders for the other users or just his own home folder. Because in the /etc/exports file there was an option saying "subtree" and according to my understanding this means that the subdirectories under /home will also be shared. Does that mean all the users should be able to see all other users home directory and its contents but not read/write?? Correct me if iam wrong.
View 1 Replies
View Related
Feb 28, 2011
I was just exploring if i could create a normal user without a home directory. So i edited the file /etc/defaults/useradd and it now shows
[code]...
Why is this so? why isnt the change in useradd reflected here?
View 1 Replies
View Related
Nov 5, 2009
I get spammed with this message by the troubleshooter, is the audit-libs package related to this ? there was an update today.
View 2 Replies
View Related
