system user home

Vadym Chepkov vchepkov at gmail.com
Tue Jul 20 12:08:53 UTC 2010


On Jul 19, 2010, at 9:32 AM, Daniel J Walsh wrote:

> On 07/16/2010 12:56 PM, Vadym Chepkov wrote:
>> Hi,
>> 
>> Whenever I try to modify a policy I get a warning like this:
>> 
>> /usr/sbin/genhomedircon will not create a new context. This usually indicates an incorrectly defined system account.  If it is a system account please make sure its login shell is /sbin/nologin.
>> 
>> And this is true, I did create a system account with home in /var/lib/application
>> But, I need this account to have a real shell. How can I make SELinux happy?
>> 
>> Thank you,
>> Vadym Chepkov
> Can you set the UID < 500?
> 
> Which OS is causing this?
> 
> In F12 and F13 you can add
> 
> 
> usepasswd=FALSE
> 
> to /etc/selinux/semanage.conf
> 
> Which will tell genhomedircon to stop looking in /etc/passwd for homedirs.


It's RHEL5, so, no such option in semanage.conf

I have 2 user IDs defined this way:

app:x:610:610:App subsystem:/var/lib/application:/bin/bash
appftp:x:611:611:App ftp subsystem:/var/lib/application/ftproot:/bin/bash


SELinux is only unhappy about the first one.

I will try to change the ID, but it's strange that it only affects one out of two.

Thanks,
Vadym


