What is the correct way to create a users home dir

Jayson Hurst swazup at hotmail.com
Wed Feb 12 18:31:48 UTC 2014


Same results:

# ls -laZ
drwxr-xr-x. root   root   system_u:object_r:home_root_t:s0 .
dr-xr-xr-x. root   root   system_u:object_r:root_t:s0      ..

# ssh tu-1 at localhost
tu-1 at localhost's password: 

-sh-4.1$ ls -laZ
drwx------. tu-1 UnixGroup system_u:object_r:home_root_t:s0 .
drwxr-xr-x. root root      system_u:object_r:home_root_t:s0 ..
-rw-r--r--. tu-1 UnixGroup system_u:object_r:home_root_t:s0 .bash_logout
-rw-r--r--. tu-1 UnixGroup system_u:object_r:home_root_t:s0 .bash_profile
-rw-r--r--. tu-1 UnixGroup system_u:object_r:home_root_t:s0 .bashrc
drwxr-xr-x. tu-1 UnixGroup system_u:object_r:home_root_t:s0 .gnome2
drwxr-xr-x. tu-1 UnixGroup system_u:object_r:home_root_t:s0 .mozilla
-rw-------. tu-1 UnixGroup unconfined_u:object_r:home_root_t:s0 .vas_disauthcc_100001
-rw-r--r--. tu-1 UnixGroup system_u:object_r:home_root_t:s0 .vas_logon_server
-sh-4.1$ exit
logout
Connection to localhost closed.

# ls -laZ
drwxr-xr-x. root   root      system_u:object_r:home_root_t:s0 .
dr-xr-xr-x. root   root      system_u:object_r:root_t:s0      ..
drwx------. tu-1   UnixGroup system_u:object_r:home_root_t:s0 tu-1

Does the home directory creation script have to be labelled with any particular type? The main daemon is running as type qasd_t and the binary is labelled as qasd_exec_t; the script is labelled as qasd_bin_t. I am not sure if this matters.

unconfined_u:system_r:qasd_t:s0 root           4321     1    0 Feb11 ?        00:00:12 /opt/quest/sbin/.vasd -p /var/opt/quest/vas/vasd/.vasd.pid
unconfined_u:system_r:qasd_t:s0 daemon    4333  4321  0 Feb11 ?        00:00:23 /opt/quest/sbin/.vasd -p /var/opt/quest/vas/vasd/.vasd.pid

The script that creates the directory is doing nothing special: it just does a mkdir /home/$username, sets the user as the owner, changes permissions, and then copies over the skel files.


> Date: Wed, 12 Feb 2014 13:12:58 -0500
> From: dwalsh at redhat.com
> To: swazup at hotmail.com; selinux at lists.fedoraproject.org
> Subject: Re: What is the correct way to create a users home dir
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 02/12/2014 01:05 PM, Jayson Hurst wrote:
> > # sesearch -T -s qasd_t -c dir
> > Found 5 semantic te rules:
> >    type_member qasd_t user_home_dir_t : dir user_home_dir_t;
> >    type_transition qasd_t user_home_dir_t : dir user_home_t;
> >    type_transition qasd_t var_auth_t : dir qasd_var_auth_t;
> >    type_transition qasd_t etc_t : dir qasd_conf_t;
> >    type_transition qasd_t home_root_t : dir user_home_dir_t;
> > 
> 
> Could you test again.
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
> 
> iEYEARECAAYFAlL7uaoACgkQrlYvE4MpobNU+wCfbaiM2LiQ1uc4tbWfDfwXyhlS
> bXEAoIpMDcQbTuUdZs36alkz5zGZPKTz
> =X747
> -----END PGP SIGNATURE-----
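
The mismatch between the listing and the quoted type_transition rule, written as a check (an added example, not part of the original message or of the product's scripts). The helper name mislabelled_homes and the alice entry are made up for illustration; the parser assumes the five-column `ls -laZ` format shown in this thread and names without whitespace.

```shell
#!/bin/sh
# Added example: flag home directories whose SELinux type is not the
# one the policy's type_transition rule is expected to produce.
# Input: `ls -laZ` lines in the format shown in this thread
#   (mode owner group context name).

# mislabelled_homes EXPECTED_TYPE   (hypothetical helper name)
# Reads a listing on stdin and prints "name type" for every directory
# entry other than . and .. whose type field differs from EXPECTED_TYPE.
mislabelled_homes() {
    awk -v want="$1" '
        $1 ~ /^d/ && $5 != "." && $5 != ".." {
            # A context is user:role:type:level; the level may itself
            # contain ":" but the type is always the third field.
            split($4, ctx, ":")
            if (ctx[3] != want) print $5, ctx[3]
        }'
}

# Constructed sample: the /home listing from this message plus one
# made-up, correctly labelled entry (alice) for contrast.
SAMPLE='drwxr-xr-x. root   root      system_u:object_r:home_root_t:s0 .
dr-xr-xr-x. root   root      system_u:object_r:root_t:s0      ..
drwx------. tu-1   UnixGroup system_u:object_r:home_root_t:s0 tu-1
drwx------. alice  UnixGroup unconfined_u:object_r:user_home_dir_t:s0 alice'

# Expected type taken from the rule quoted in this thread:
#   type_transition qasd_t home_root_t : dir user_home_dir_t;
printf '%s\n' "$SAMPLE" | mislabelled_homes user_home_dir_t
```

On a live system the same function can read `ls -laZ /home` directly; `restorecon -Rv` on a flagged path resets it to the label in the policy's file contexts.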
 		 	   		  