What is the correct way to create a users home dir

Daniel J Walsh dwalsh at redhat.com
Wed Feb 12 18:44:06 UTC 2014


On 02/12/2014 01:31 PM, Jayson Hurst wrote:
> Same results:
> 
> # ls -laZ
> drwxr-xr-x. root   root   system_u:object_r:home_root_t:s0 .
> dr-xr-xr-x. root   root   system_u:object_r:root_t:s0      ..
> 
> # ssh tu-1@localhost
> tu-1@localhost's password:
> 
> -sh-4.1$ ls -laZ
> drwx------. tu-1 UnixGroup system_u:object_r:home_root_t:s0 .
> drwxr-xr-x. root root system_u:object_r:home_root_t:s0 ..
> -rw-r--r--. tu-1 UnixGroup system_u:object_r:home_root_t:s0 .bash_logout
> -rw-r--r--. tu-1 UnixGroup system_u:object_r:home_root_t:s0 .bash_profile
> -rw-r--r--. tu-1 UnixGroup system_u:object_r:home_root_t:s0 .bashrc
> drwxr-xr-x. tu-1 UnixGroup system_u:object_r:home_root_t:s0 .gnome2
> drwxr-xr-x. tu-1 UnixGroup system_u:object_r:home_root_t:s0 .mozilla
> -rw-------. tu-1 UnixGroup unconfined_u:object_r:home_root_t:s0 .vas_disauthcc_100001
> -rw-r--r--. tu-1 UnixGroup system_u:object_r:home_root_t:s0 .vas_logon_server
> -sh-4.1$ exit
> logout
> Connection to localhost closed.
> 
> # ls -laZ
> drwxr-xr-x. root   root      system_u:object_r:home_root_t:s0 .
> dr-xr-xr-x. root   root      system_u:object_r:root_t:s0      ..
> drwx------. tu-1   UnixGroup system_u:object_r:home_root_t:s0 tu-1
> 
> Does the home directory creation script have to be labelled any particular
> type? The main daemon is running as type qasd_t and the binary is labelled
> as qasd_exec_t, the script is labelled as qasd_bin_t. I am not sure if this
> matters.
> 
> unconfined_u:system_r:qasd_t:s0 root    4321     1  0 Feb11 ?  00:00:12 /opt/quest/sbin/.vasd -p /var/opt/quest/vas/vasd/.vasd.pid
> unconfined_u:system_r:qasd_t:s0 daemon  4333  4321  0 Feb11 ?  00:00:23 /opt/quest/sbin/.vasd -p /var/opt/quest/vas/vasd/.vasd.pid
> 
> The script that creates the directory is doing nothing special, just a
> mkdir /home/$username, sets the user as the owner and changes permissions
> and then copies over the skel files.
> 
> 
>> Date: Wed, 12 Feb 2014 13:12:58 -0500
>> From: dwalsh at redhat.com
>> To: swazup at hotmail.com; selinux at lists.fedoraproject.org
>> Subject: Re: What is the correct way to create a users home dir
>> 
> On 02/12/2014 01:05 PM, Jayson Hurst wrote:
>> # sesearch -T -s qasd_t -c dir
>> Found 5 semantic te rules:
>> type_member qasd_t user_home_dir_t : dir user_home_dir_t;
>> type_transition qasd_t user_home_dir_t : dir user_home_t;
>> type_transition qasd_t var_auth_t : dir qasd_var_auth_t;
>> type_transition qasd_t etc_t : dir qasd_conf_t;
>> type_transition qasd_t home_root_t : dir user_home_dir_t;
> 
> 
> Could you test again.
> 
> 
I wonder if the script is actually running as qasd_t, could you run id -Z
within the script to write its label to a file.
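One way to reason about the listings in this thread, as an added example that is not part of the original message or of any code from its participants: take the `sesearch -T` rules quoted above, compute the type a directory created by `qasd_t` under a `home_root_t` parent should receive, and compare it with what `ls -laZ` reported. The function names are hypothetical, the rules and contexts are copied from the thread as constructed sample input, and the fallback to the parent's type assumes default labeling with no explicit relabel.

```shell
#!/bin/sh
# Constructed sample input: the rules quoted in the thread for qasd_t.
RULES='type_member qasd_t user_home_dir_t : dir user_home_dir_t;
type_transition qasd_t user_home_dir_t : dir user_home_t;
type_transition qasd_t var_auth_t : dir qasd_var_auth_t;
type_transition qasd_t etc_t : dir qasd_conf_t;
type_transition qasd_t home_root_t : dir user_home_dir_t;'

# ctx_type CONTEXT: print the type field of user:role:type:level.
ctx_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# expected_type RULES DOMAIN PARENT_TYPE CLASS (hypothetical helper)
# Rules are split on ';' so mail-wrapped sesearch output still parses.
# With no matching type_transition the new object inherits the parent
# directory's type, which is the SELinux default.
expected_type() {
    printf '%s' "$1" | tr '\n' ' ' | tr ';' '\n' |
    awk -v s="$2" -v p="$3" -v c="$4" '
        $1 == "type_transition" && $2 == s && $3 == p && $5 == c { t = $6 }
        END { print (t != "" ? t : p) }'
}

# diagnose RULES DOMAIN PARENT_CONTEXT NEW_DIR_CONTEXT (hypothetical helper)
diagnose() {
    parent=$(ctx_type "$3")
    observed=$(ctx_type "$4")
    want=$(expected_type "$1" "$2" "$parent" dir)
    if [ "$observed" = "$want" ]; then
        echo "ok: $observed"
    elif [ "$observed" = "$parent" ]; then
        echo "inherited $parent, expected $want: creator probably not in $2"
    else
        echo "mismatch: got $observed, expected $want"
    fi
}

# /home and /home/tu-1 contexts as shown by ls -laZ in the thread.
diagnose "$RULES" qasd_t \
    system_u:object_r:home_root_t:s0 \
    system_u:object_r:home_root_t:s0
```

On a live system, pass the real output of `sesearch -T -s qasd_t -c dir` as the first argument and the contexts reported by `ls -dZ` for the parent and the new directory.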

