LinuxQuestions.org - selinux not allowing su to root

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - selinux not allowing su to root (https://www.linuxquestions.org/questions/linux-security-4/selinux-not-allowing-su-to-root-610343/)

selinux not allowing su to root

I can no longer su to root

When i log in via ssh as a normal user (user is in the wheel group also) and try to su to root with the su - command I dont even get prompted for the password. It just ignores the request and gives me my normal user prompt back.

I figured out that is I disable selinux (setenforce 0) I am then able to su without issues.

I can however login directly as root via ssh even though I add PermitRootLogin no to the /etc/ssh/sshd_config file. (See this thread: http://www.linuxquestions.org/questi...orking-610278/)

So here you can see my problem. I want to disable root login via ssh, but I can not until I can make sure I can su to root from a normal account.

Does anyone know of a special boolean for selinux or something I need to do to correct this?

On some systems, if you have the permissions setting on paranoid, the su program won't be suid.
This isn't an suid setting however.
Does the selinux configuration dialog have an entry for "su"? It may have a setting whether the su command can only be executed on a local terminal.

Quote:

Originally Posted by jschiwal (Post 3008250)

No I didnt see one, and I also checked the permissions of the actual su file. The funny thing was that even root couldnt su to a user.

Any related AVC messages in the system logs?