LinuxQuestions.org
01-18-2022, 09:23 AM   #1
sluge

su issues for non-root user if SELinux is on

Hello,
I have a common user on my RHEL 7.6 server, and when SELinux is off, the su command works for it. But when SELinux is on, the su command doesn't work anymore.
In the PAM sources I found that

Code:
#ifndef HELPER_COMPILE
if (geteuid() || SELINUX_ENABLED)
    return PAM_UNIX_RUN_HELPER;
#endif
a special command, unix_chkpwd, is used to check the password if SELinux is on. This command has the following code:

Code:
user = getuidname(getuid());
/* if the caller specifies the username, verify that user
   matches it */
if (strcmp(user, argv[1])) {
  user = argv[1];
  /* no match -> permanently change to the real user and proceed */
  if (setuid(getuid()) != 0)
    return PAM_AUTH_ERR;
}
In my case, user is the common user's name and argv[1] is root, and in that case setuid is executed for the uid of the common user.
Do you know why it works this way?
Is there any way to make su work when SELinux is on?
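
The name comparison and `setuid(getuid())` branch quoted in the post above, modelled as an added example (not part of the original post and not Linux-PAM's code). `must_drop()` and `drop_to_real_uid()` are hypothetical names, and the default requested name `root` is a constructed input; the block shows which callers take the drop branch and how to check that the drop cannot be undone.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical model of the quoted strcmp() branch: 1 means the caller's own
   name differs from the requested one, so the process drops to its real uid. */
int must_drop(const char *caller_name, const char *requested_name)
{
    return strcmp(caller_name, requested_name) != 0;
}

/* Drop to the real uid as the quoted code does, then verify the result.
   Returns 0 when the drop holds, -1 when it failed or can be reversed. */
int drop_to_real_uid(void)
{
    uid_t ruid = getuid();
    uid_t old_euid = geteuid();

    if (setuid(ruid) != 0)
        return -1;              /* the quoted code returns PAM_AUTH_ERR here */
    if (getuid() != ruid || geteuid() != ruid)
        return -1;
    /* setuid() clears the saved uid only when the effective uid was 0.
       If the old effective uid can be taken back, the drop was not permanent. */
    if (old_euid != ruid && setuid(old_euid) == 0)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    struct passwd *pw = getpwuid(getuid());
    const char *requested = argc > 1 ? argv[1] : "root";

    if (pw == NULL)
        return 2;               /* real uid has no passwd entry */
    printf("caller=%s requested=%s euid=%d\n",
           pw->pw_name, requested, (int)geteuid());
    if (must_drop(pw->pw_name, requested)) {
        if (drop_to_real_uid() != 0)
            return 1;
        printf("names differ: now running with euid=%d\n", (int)geteuid());
    } else {
        puts("names match: effective uid left unchanged");
    }
    return 0;
}
```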
 
01-18-2022, 09:49 AM   #2
sundialsvcs

Please describe your scenario exactly. When logged in as a non-root user, exactly what command do you type and exactly what happens in both cases?

Also – does "sudoers" authorize this command to be used? What does it look like?

"The devil is in the details."
 
Tags
pam, selinux