LinuxQuestions.org
Old 01-01-2008, 08:01 AM   #1
vonedaddy
Member
 
Registered: Aug 2004
Location: Philadelphia,PA
Posts: 177

Rep: Reputation: 17
selinux not allowing su to root


I can no longer su to root

When I log in via ssh as a normal user (user is in the wheel group also) and try to su to root with the su - command, I don't even get prompted for the password. It just ignores the request and gives me my normal user prompt back.

I figured out that if I disable selinux (setenforce 0) I am then able to su without issues.

I can however log in directly as root via ssh even though I add PermitRootLogin no to the /etc/ssh/sshd_config file. (See this thread: http://www.linuxquestions.org/questi...orking-610278/)


So here you can see my problem. I want to disable root login via ssh, but I cannot until I can make sure I can su to root from a normal account.

Does anyone know of a special boolean for selinux or something I need to do to correct this?
 
Old 01-02-2008, 01:28 AM   #2
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654
On some systems, if you have the permissions setting on paranoid, the su program won't be suid.
This isn't an suid setting however.
Does the selinux configuration dialog have an entry for "su"? It may have a setting whether the su command can only be executed on a local terminal.

Last edited by jschiwal; 01-02-2008 at 01:29 AM.
 
Old 01-02-2008, 06:47 AM   #3
vonedaddy
Member
 
Registered: Aug 2004
Location: Philadelphia,PA
Posts: 177

Original Poster
Rep: Reputation: 17
Quote:
Originally Posted by jschiwal
On some systems, if you have the permissions setting on paranoid, the su program won't be suid.
This isn't an suid setting however.
Does the selinux configuration dialog have an entry for "su"? It may have a setting whether the su command can only be executed on a local terminal.

No, I didn't see one, and I also checked the permissions of the actual su file. The funny thing was that even root couldn't su to a user.
 
Old 01-03-2008, 05:39 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,534
Blog Entries: 51

Rep: Reputation: 2603
Any related AVC messages in the system logs?
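
The check asked about in the last post, as an added example that is not part of the thread: SELinux logs denials as AVC messages, and this Python script filters them for one command (here `su`) and groups the denied permissions by source type, target type and object class. The log lines are constructed samples and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in audit.log format (not taken from the thread).
SAMPLE_LOG = """\
type=AVC msg=audit(1199192460.101:45): avc:  denied  { read } for  pid=2345 comm="su" name="shadow" dev=dm-0 ino=98231 scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=AVC msg=audit(1199192460.102:46): avc:  denied  { getattr } for  pid=2345 comm="su" path="/etc/shadow" dev=dm-0 ino=98231 scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=SYSCALL msg=audit(1199192460.102:46): arch=40000003 syscall=5 success=no exit=-13 pid=2345 comm="su" exe="/bin/su"
type=AVC msg=audit(1199192471.300:52): avc:  denied  { name_bind } for  pid=2101 comm="httpd" src=8081 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
"""

# Header of an AVC denial, then the key=value fields that follow "for".
AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+denied\s+'
    r'\{ (?P<perms>[^}]*)\} for\s+(?P<fields>.*)$'
)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for an AVC denial line, or None for any other record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    rec["perms"] = m.group("perms").split()
    return rec


def denials_for(log_text, comm="su"):
    """Map (source type, target type, class) -> sorted denied permissions."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        # Skip non-AVC records, other commands, and records missing a context.
        if rec is None or rec.get("comm") != comm:
            continue
        if not {"scontext", "tcontext", "tclass"} <= rec.keys():
            continue
        stype = rec["scontext"].split(":")[2]  # user:role:type[:level]
        ttype = rec["tcontext"].split(":")[2]
        grouped[(stype, ttype, rec["tclass"])].update(rec["perms"])
    return {k: sorted(v) for k, v in grouped.items()}


if __name__ == "__main__":
    for (stype, ttype, tclass), perms in denials_for(SAMPLE_LOG).items():
        print(f"{stype} -> {ttype}:{tclass} denied {{ {' '.join(perms)} }}")
```

On a live system the same lines come from /var/log/audit/audit.log, or from /var/log/messages when auditd is not running.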
 
  


All times are GMT -5. The time now is 07:47 PM.
