Re: system user home

On Jul 19, 2010, at 9:32 AM, Daniel J Walsh wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 07/16/2010 12:56 PM, Vadym Chepkov wrote: >> Hi, >> >> Whenever I try to modify a policy I get a warning like this: >> >> /usr/sbin/genhomedircon will not create a new context. This usually indicates an incorrectly defined system account. If it is a system account please make sure its login shell is /sbin/nologin. >> >> And this is true, I did create a system account with home in /var/lib/application >> But, I need this account to have a real shell. How can I make SELinux happy? >> >> Thank you, >> Vadym Chepkov >> -- >> selinux mailing list >> selinux(a)lists.fedoraproject.org >> https://admin.fedoraproject.org/mailman/listinfo/selinux > Can you set the UID < 500? > > Which OS is causing this? > > In F12 and F13 you can add > > > usepasswd=FALSE > > to /etc/selinux/semanage.conf > > Which will tell genhomedircon to stop looking in /etc/passwd for homedirs. It's RHEL5, so, no such option in semanage.conf I have 2 userid defined this way: app:x:610:610:App subsystem:/var/lib/application:/bin/bash appftp:x:611:611:App ftp subsystem:/var/lib/application/ftproot:/bin/bash SELinux is only unhappy about the first one. I will try to change id, but it's strange it only affect one out of two Thanks, Vadym

-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkxFozoACgkQrlYvE4MpobPrVACgsCjfZOsafXf99jqwI4iZChix K8oAnRsCl9Tzx2uPeQAEh+7O3RxebdY5 =TAK4 -----END PGP SIGNATURE-----