OK, how is this suppose to work or is there a bug here ...
I am logged in as an admin user but have a couple of regular (non priv) users defined to the system. From the admin user I do "su - genec" and enter genec's password. I then get a prompt to see if I want to change the security context (default=y) and I try role:user_r and type:user_t ... nope, will not accept those (what should I be specifying?).
Try again but respond "n" to the prompt ... I get in but there is an error message that su cannot change the directory. Once in I can change the directory. How should this be working.
Note: if I ssh into the box I can "su - xx" with no prompts for context changes.
Gene
Gene Czarcinski wrote:
OK, how is this suppose to work or is there a bug here ...
I am logged in as an admin user but have a couple of regular (non priv) users defined to the system. From the admin user I do "su - genec" and enter genec's password. I then get a prompt to see if I want to change the security context (default=y) and I try role:user_r and type:user_t ... nope, will not accept those (what should I be specifying?).
Try again but respond "n" to the prompt ... I get in but there is an error message that su cannot change the directory. Once in I can change the directory. How should this be working.
Note: if I ssh into the box I can "su - xx" with no prompts for context changes.
Gene
The ssh behavior is currect. The only time you should get prompted for security contexts is if the user has the ability to have more than one security context. This is a bug and should be put in bugzilla.
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
selinux@lists.fedoraproject.org