Non-root console login issue! (was: Problem with VNC and SELinux: FC4)

Daniel B. Thurman dant at cdkkt.com
Sat Dec 17 22:30:28 UTC 2005


>From: fedora-list-bounces at redhat.com
>[mailto:fedora-list-bounces at redhat.com]On Behalf Of Daniel B. Thurman
>Sent: Friday, December 16, 2005 6:11 PM
>To: For users of Fedora Core releases (E-mail)
>Cc: Fedora SELinux support list for users & developers.
>Subject: Problem with VNC and SELinux: FC4
>
>
>
>Folks,
>
>With the new SELinux updates, it appears that root,
>other than normal users can log in to Fedora via VNC
>Server?  My VNC Server is set up such that I am using
>xinetd for VNC Server requests.
>
>Another problem I noticed is that when I log into my
>Fedora system via VNC as root user, and open an xterm
>window and run a su - <normal-user>, I get back a
>SELinux message:
>
>================================================
># su - dan
>Your default context is: user_u:system_r:kernel_t.
>
>Do you want to want to choose a different one? [n]
>================================================
>
>It is *possible* that this problem came up when
>I had to make a copy of my filesystem to another
>hard-disk for the purpose of creating a /boot
>partition (my bad) and copied/restored the filesystem
>back over to the main drive.  I don't think I made
>any copy/restore mistakes as I know the fs permissions
>are correct but I cannot speak for filesystem journaling
>or whatever that keeps track of the SELinux attributes.
>
>In any case, what can I do to resolve my VNC and/or su
>issue knowing that SELinux has something to do with it?
>
>Thanks!
>Dan Thurman
>

Problem is not related to SELinux and not really related
to VNC. It turns out that I cannot log into the console
as a non-root user and I get a message saying:

=======================================================
Your session lasted less than 10 seconds. If you have not
logged out yourself, this could mean that there is some
installation problem or that you may be out of diskspace.
Try logging in with one of the failsafe sessions to see if
you can fix this problem.

[] View details (~/.xsession-errors file)
=======================================================

The problem here is that the .xsession-errors file does
not exist.  I also note from the /var/log/messages file:

=======================================================
Dec 17 12:45:31 linux gdm(pam_unix)[16480]: session opened for user dant by (uid=0)
Dec 17 12:45:32 linux gdm(pam_unix)[16480]: session closed for user dant
Dec 17 12:45:32 linux dbus: avc:  0 AV entries and 0/512 buckets used, longest chain length 0
=======================================================

And from /var/log/audit/audit.log
=======================================================
type=USER_AUTH msg=audit(1134858412.155:3929): user pid=3397 uid=0 auid=4294967295 msg='PAM authentication: user=dant exe="/usr/bin/gdm-binary" (hostname=?, addr=?, terminal=:0 result=Success)'
type=USER_ACCT msg=audit(1134858412.159:3930): user pid=3397 uid=0 auid=4294967295 msg='PAM accounting: user=dant exe="/usr/bin/gdm-binary" (hostname=?, addr=?, terminal=:0 result=Success)'
type=CRED_ACQ msg=audit(1134858412.247:3931): user pid=3397 uid=0 auid=4294967295 msg='PAM setcred: user=dant exe="/usr/bin/gdm-binary" (hostname=?, addr=?, terminal=:0 result=Success)'
type=USER_START msg=audit(1134858412.307:3932): user pid=3397 uid=0 auid=4294967295 msg='PAM session open: user=dant exe="/usr/bin/gdm-binary" (hostname=?, addr=?, terminal=:0 result=Success)'
=======================================================

File:
# ls -l /usr/bin/gdm-binary
-rwxr-xr-x  1 root root 251668 May 23  2005 /usr/bin/gdm-binary

HALLLLLP!  Please :-)

Dan
