question why newrole gives error

Daniel J Walsh dwalsh at redhat.com
Wed May 8 15:38:13 UTC 2013



On 05/08/2013 11:23 AM, John Emrich wrote:
> Hello,
> 
> Running Fedora-18. When executing the newrole command I consistently get
> the same error message "incorrect password for xyzuser". I have su'd to
> root. Everything appears valid. Below is a snippet from a terminal session
> that demonstrates the error message. I receive the same error regardless
> whether I am in enforcement mode or not. Any suggestions as to the cause?
> 
> 
> [root@localhost xyzuser]# newrole -r system_r -t sysadm_t
> Password:
> newrole: incorrect password for xyzuser
> Error sending audit message.
> [root@localhost xyzuser]# semanage user -l
>
>                 Labeling   MLS/       MLS/
> SELinux User    Prefix     MCS Level  MCS Range                      SELinux Roles
>
> ... deleted lines ...
> root            user       s0         s0-s0:c0.c1023                 staff_r sysadm_r system_r unconfined_r
> staff_u         user       s0         s0-s0:c0.c1023                 staff_r sysadm_r system_r unconfined_r
> sysadm_u        user       s0         s0-s0:c0.c1023                 sysadm_r
> system_u        user       s0         s0-s0:c0.c1023                 system_r unconfined_r
> unconfined_u    user       s0         s0-s0:c0.c1023                 system_r unconfined_r
> ... deleted lines ...
> [root@localhost xyzuser]# id -Z
> unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> 
> 
> 
> Thank You
> John Emrich
> 
> 
> 
> 
I think we had a capability bug.  Just add pam_rootok to /etc/pam.d/newrole
and it should work better for you.

I prefer to use sudo for transitioning my user role.

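An added example, not part of the original message or of the SELinux project's code: a shell check that a PAM service file such as /etc/pam.d/newrole has pam_rootok where it takes effect, meaning as a `sufficient` entry ahead of every other auth entry. The exact line `auth sufficient pam_rootok.so` and both sample files are assumptions constructed for illustration; the reply only names the module and the file.

```shell
#!/bin/sh
# Returns 0 when the first auth entry in PAM service file $1 is
# "auth sufficient pam_rootok.so", so a caller with UID 0 passes the auth
# stack before any password module runs. Returns 1 otherwise.
pam_rootok_effective() {
    awk '
        /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
        { sub(/^-/, "", $1) }            # "-auth" only silences missing-module errors
        $1 != "auth" { next }            # account/password/session are irrelevant here
        $2 == "sufficient" && $3 ~ /pam_rootok\.so$/ { found = 1; exit }
        { exit }                         # some other auth entry is evaluated first
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Constructed sample: a service file without pam_rootok (root gets prompted).
write_before() {
    cat > "$1" <<'EOF'
#%PAM-1.0
auth       include      system-auth
account    include      system-auth
EOF
}

# Constructed sample: the same file with the suggested module added first.
write_after() {
    cat > "$1" <<'EOF'
#%PAM-1.0
auth       sufficient   pam_rootok.so
auth       include      system-auth
account    include      system-auth
EOF
}

# Demo on temporary copies; on a real host pass /etc/pam.d/newrole instead.
demo() {
    dir=$(mktemp -d) || return 1
    write_before "$dir/before"
    write_after "$dir/after"
    for f in before after; do
        if pam_rootok_effective "$dir/$f"; then
            echo "$f: root passes auth without a password prompt"
        else
            echo "$f: root is still asked for a password"
        fi
    done
    rm -rf "$dir"
}
demo
```

The check is deliberately strict: an entry placed after a password module, or one that is commented out, is reported as not effective.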

