[Clip] Root lock out
Brandon Whalen
bwhalen at tresys.com
Wed May 6 09:34:59 CDT 2009
Julian,
It appears that the su policy does not have the permissions to allow users
to update their passwords, only to check them. If you have a patch, I'd be
willing to review and possibly accept it. Otherwise, I'll spend some time
today and tomorrow writing one and update our release once I've tested it
all out.
Brandon
On 5/6/09 9:03 AM, "Julian Onions" <Julian.Onions at nexor.com> wrote:
> Anyone have any ideas on this one that we've just tripped over?
>
> After installing a clip system, we age the password of root to force it to be
> changed
> chage -d 0 root
> However when attempting to su to root now, you are forced to change your
> password, as expected.
> However this fails because sysadm_su_t is not allowed access to crack_db_t -
> also doesn't have access to shadow_t and a number of other things it needs.
> I was wondering therefore how to get around this.
> Also - where does the transition from sysadm_su_t to sysadm_t happen?
>
> Thanks
> Julian
Brandon Whalen Tresys Technology
v: 443-539-0747 Suite 2100
f: 410-953-0494 8840 Stanford Blvd
bwhalen at tresys.com Columbia, MD 21045
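
Added example, not part of the original messages or of the CLIP policy: a small Python script that summarises AVC denials for one source domain (here sysadm_su_t) by target type and class, so that a policy patch for the password-change path can be reviewed against what su was actually denied. The audit lines, inode numbers and the specific permissions in them are constructed for illustration; only the type names sysadm_su_t, crack_db_t and shadow_t come from the thread.

```python
import re
from collections import defaultdict

# Constructed audit.log lines (not from the thread); the permissions are illustrative.
SAMPLE_LOG = """\
type=AVC msg=audit(1241620499.101:41): avc:  denied  { read } for  pid=2301 comm="su" name="pw_dict.pwd" dev=dm-0 ino=4411 scontext=user_u:sysadm_r:sysadm_su_t:s0 tcontext=system_u:object_r:crack_db_t:s0 tclass=file
type=AVC msg=audit(1241620499.102:42): avc:  denied  { getattr } for  pid=2301 comm="su" path="/usr/share/cracklib/pw_dict.pwd" dev=dm-0 ino=4411 scontext=user_u:sysadm_r:sysadm_su_t:s0 tcontext=system_u:object_r:crack_db_t:s0 tclass=file
type=AVC msg=audit(1241620499.230:43): avc:  denied  { write } for  pid=2301 comm="su" name="shadow" dev=dm-0 ino=9120 scontext=user_u:sysadm_r:sysadm_su_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=AVC msg=audit(1241620501.007:44): avc:  denied  { read } for  pid=2310 comm="sshd" name="shadow" dev=dm-0 ino=9120 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=USER_AUTH msg=audit(1241620498.900:40): user pid=2301 uid=500 msg='PAM: authentication acct="root" res=success'
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def selinux_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None

def denied_for_domain(log_text, domain):
    """Map (target_type, class) -> set of denied permissions for one source domain."""
    denied = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        # Skip non-AVC records and denials raised by other domains.
        if not m or selinux_type(m.group("scon")) != domain:
            continue
        key = (selinux_type(m.group("tcon")), m.group("tclass"))
        denied[key].update(m.group("perms").split())
    return dict(denied)

def as_allow_rules(denied, domain):
    """Render the summary as candidate allow rules for review, not for blind loading."""
    return [
        f"allow {domain} {ttype}:{tclass} {{ {' '.join(sorted(perms))} }};"
        for (ttype, tclass), perms in sorted(denied.items())
    ]

if __name__ == "__main__":
    summary = denied_for_domain(SAMPLE_LOG, "sysadm_su_t")
    for rule in as_allow_rules(summary, "sysadm_su_t"):
        print(rule)
```

Write access to shadow_t is sensitive, so each candidate rule is a prompt to decide whether su itself should hold the permission or whether the password update belongs in a separate, more tightly confined domain.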