[prev in list] [next in list] [prev in thread] [next in thread] 

List:       selinux
Subject:    RE: bash_profile: Permission denied
From:       "James R. Marcus" <jmarcus () mvalent ! net>
Date:       2004-09-27 18:29:34
Message-ID: E6E16A6D4277CD459BBDE6713766033CB72208 () exchange ! mvalent ! local
[Download RAW message or body]

Sorry I haven't replied to this sooner. I'm fine with .bash_profile
getting a permission denied.  The first issue was that when I was
switching back and forth from permissive to enforced mode, my new login
shell would hang on the permission denied error, and I would never get
to a prompt. Maybe this was an issue with my ssh client? This error
seems to be some extreme case, because without changing anything it
appears I can login as root while in enforced mode.

James

-----Original Message-----
From: owner-selinux@tycho.nsa.gov [mailto:owner-selinux@tycho.nsa.gov]
On Behalf Of Russell Coker
Sent: Friday, September 24, 2004 4:25 AM
To: Luke Kenneth Casson Leighton
Cc: Daniel J Walsh; James R. Marcus; selinux@tycho.nsa.gov
Subject: Re: bash_profile: Permission denied

On Fri, 24 Sep 2004 09:15, Luke Kenneth Casson Leighton <lkcl@lkcl.net>
wrote:
>  ah, but running newrole is not enough: not having write access to
>  /root/.bash_profile results in bash not _reading_ the file either.

I wrote the following in my previous message to James R. Marcus on the
same 
topic:

If you enable the boolean staff_read_sysadm_file then staff_t can read 
sysadm_home_t files and can search sysadm_home_dir_t directories.  This
will 
allow you to login as root:staff_r:staff_t without any warning messages
AND 
with the aliases etc from .bashrc defined.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux
packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov
with
the words "unsubscribe selinux" without quotes as the message.



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
[prev in list] [next in list] [prev in thread] [next in thread]