LinuxQuestions.org
01-01-2008, 09:01 AM   #1
vonedaddy
selinux not allowing su to root


I can no longer su to root

When I log in via ssh as a normal user (the user is also in the wheel group) and try to su to root with the su - command, I don't even get prompted for the password. It just ignores the request and gives me my normal user prompt back.

I figured out that if I disable selinux (setenforce 0), I am then able to su without issues.

I can, however, log in directly as root via ssh even though I added PermitRootLogin no to the /etc/ssh/sshd_config file. (See this thread: http://www.linuxquestions.org/questi...orking-610278/)

So here you can see my problem. I want to disable root login via ssh, but I cannot until I can make sure I can su to root from a normal account.

Does anyone know of a special boolean for selinux or something I need to do to correct this?
 
01-02-2008, 02:28 AM   #2
jschiwal
On some systems, if you have the permissions setting on paranoid, the su program won't be suid.
This isn't an suid setting however.
Does the selinux configuration dialog have an entry for "su"? It may have a setting whether the su command can only be executed on a local terminal.

Last edited by jschiwal; 01-02-2008 at 02:29 AM.
 
01-02-2008, 07:47 AM   #3
vonedaddy
Quote:
Originally Posted by jschiwal
On some systems, if you have the permissions setting on paranoid, the su program won't be suid.
This isn't an suid setting however.
Does the selinux configuration dialog have an entry for "su"? It may have a setting whether the su command can only be executed on a local terminal.

No, I didn't see one, and I also checked the permissions of the actual su file. The funny thing was that even root couldn't su to a user.
 
01-03-2008, 06:39 PM   #4
unSpawn
Any related AVC messages in the system logs?
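
Added example, not part of any post in this thread: one way to answer the question above is to summarize the AVC denials recorded for su. The sample records, their contexts and the function names sample_log and avc_denials_for are constructed for illustration; on a live system the lines would come from /var/log/audit/audit.log, or from /var/log/messages when auditd is not running.

```shell
#!/bin/sh
# Constructed sample audit records (not taken from the thread): three denials
# for su, two of them identical apart from pid and timestamp, one for httpd.
sample_log() {
cat <<'EOF'
type=AVC msg=audit(1199196060.123:412): avc:  denied  { read } for  pid=2871 comm="su" name="shadow" dev=dm-0 ino=1311790 scontext=user_u:system_r:user_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=AVC msg=audit(1199196071.456:419): avc:  denied  { read } for  pid=2904 comm="su" name="shadow" dev=dm-0 ino=1311790 scontext=user_u:system_r:user_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=AVC msg=audit(1199196080.789:423): avc:  denied  { search } for  pid=1733 comm="httpd" name="home" dev=dm-0 ino=2 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
type=AVC msg=audit(1199196093.012:431): avc:  denied  { write } for  pid=2904 comm="su" name="btmp" dev=dm-0 ino=1311801 scontext=user_u:system_r:user_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
EOF
}

# avc_denials_for COMM: read audit/syslog lines on stdin and print one line per
# distinct denial (permissions, source context, target context, object class)
# recorded for that command name, most frequent first.
avc_denials_for() {
    awk -v want="$1" '
    function field(name,    i) {          # value of the first name=value token
        for (i = 1; i <= NF; i++)
            if (index($i, name "=") == 1) return substr($i, length(name) + 2)
        return "?"
    }
    /avc:[ ]+denied/ {
        comm = field("comm"); gsub(/"/, "", comm)
        if (comm != want) next
        perms = $0                         # keep only the text inside { ... }
        sub(/^.*[{] */, "", perms); sub(/ *[}].*$/, "", perms)
        key = perms " | " field("scontext") " -> " field("tcontext") " | " field("tclass")
        count[key]++
    }
    END { for (k in count) printf "%d x %s\n", count[k], k }
    ' | sort -rn
}

sample_log | avc_denials_for su
```

Each output line names the permission, the source and target contexts and the object class of a denial, which is the information needed to tell a missing boolean from a mislabeled file.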
 
  


All times are GMT -5.
