Hi. I'm wondering about the permissions new users get when they are created. Before SELinux I had to add users to 'wheel' to enable them to su to root.
I did an adduser and it seems to be unrestricted:
[testse@lankhmar ~]$ id -Z user_u:system_r:unconfined_t
and the user is able to su to root. Is this normal? How would I keep the user from being able to su?
I added: user testse roles { user_r };
to /etc/selinux/targeted/src/policy/users and did: make load
This didn't seem to make any difference.
This is on FC3 (2.6.10-1.760_FC3) selinux-policy-targeted-1.17.30-2.75
[root@lankhmar ~]# sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: enforcing Mode from config file: enforcing Policy version: 18 Policy from config file:targeted
I'm not sure if this is clear, or enough information. I tried searching the archives but didn't find anything. [I may be searching incorrectly].
Thanks, Richard.
On Thursday 10 February 2005 11:13, Richard Jensen richard@rhjensen.com wrote:
Hi. I'm wondering about the permissions new users get when they are created. Before SELinux I had to add users to 'wheel' to enable them to su to root.
You can enable that feature by editing /etc/pam.d/su .
I did an adduser and it seems to be unrestricted:
[testse@lankhmar ~]$ id -Z user_u:system_r:unconfined_t
Fedora Core 3 and RHEL4 install the "targeted" policy by default which does not restrict user logins. You have to install the "strict" policy to restrict user logins.
selinux@lists.fedoraproject.org