
List:       lids-user
Subject:    Re: [lids] NOTHING can access /etc/shadow.
From:       steve <steve () clublinux ! org>
Date:       2001-02-23 2:32:46


Hi Adam,

It must be working for unix_chkpwd, otherwise how could you log in? :-)

Did you do: lidsadm -S -- +RELOAD_CONF
After reloading the lids config file, did you restart xdm?

I don't see anything in your config that would deny any access to
/etc/shadow.  Everything should be able to see it.

Is that the complete listing?

What errors do you get when you try to start ssh?

Steve

adam-egroups@flounder.net wrote:
> 
> OK, I have been trying for an hour now to get xdm and xlock to be able
> to access /etc/shadow.  Can someone please tell me why this is not
> working?
> 
> # lidsadm -L
> LIST
>         Subject          ACCESS TYPE     Object
>      -----------------------------------------------------
>           Any File          READ              /bin
>           Any File          READ             /sbin
>           Any File         WRITE              /etc
>           Any File          READ        /usr/X11R6/bin
>           Any File          READ        /usr/sbin/sshd
>           Any File         WRITE                 /
>           Any File          READ        /etc/shadow
>         /bin/login          READ        /etc/shadow
>            /bin/su          READ        /etc/shadow
>         /usr/X11R6/bin/xlock        READ(inherit)       /etc/shadow
>         /usr/X11R6/bin/xdm          READ        /etc/shadow
>         /sbin/unix_chkpwd           READ        /etc/shadow
>         /usr/sbin/sshd      READ(inherit)       /etc/shadow
>           Any File         WRITE          /var/log
>           Any File         WRITE        /var/log/wtmp
>           Any File          READ        /usr/X11R6/bin/XFree86
>         /usr/X11R6/bin/XFree86  NO_INHERIT      CAP_SYS_RAWIO
>           Any File          READ         /bin/ping
>          /bin/ping      NO_INHERIT      CAP_NET_RAW
>           Any File          READ        /usr/sbin/traceroute
>         /usr/sbin/traceroute    NO_INHERIT      CAP_NET_RAW
>         /usr/sbin/sshd  NO_INHERIT      CAP_NET_BIND_SERVICE
>           Any File         WRITE         /etc/mtab
>         /sbin/fsck.ext2    WRITE         /etc/mtab
>         /bin/login         WRITE        /var/log/lastlog
> 
> I also can't even get sshd to start:
> 
> $ sudo /etc/init.d/ssh start
> Starting OpenBSD Secure Shell server: sshd.
> $ telnet localhost 22
> Trying 127.0.0.1...
> telnet: Unable to connect to remote host: Connection refused
> 
> --Adam
