user's home directory labeled incorrectly when created with useradd

Bug #347540 reported by Marshall Miller
Affects: shadow (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned

Bug Description

Binary package hint: passwd

Ubuntu version: Hardy
passwd version: 4.0.18.2

Steps to reproduce:

1. Install selinux:
     apt-get install selinux

2. Create user with non-default selinux user login mapping:
     useradd -m -G admin adminuser
     passwd adminuser
     semanage login -a -s root adminuser

3. Login as adminuser and create a user:
     sudo useradd -m testuser

4. View the SELinux label assigned to testuser's home directory:
     ls -dZ /home/testuser

Expected behavior:
The directory /home/testuser should be labeled
unconfined_u:object_r:user_home_dir_t:s0.

Actual behavior:
The directory /home/testuser is labeled
root:object_r:user_home_dir_t:s0.

This is not a problem unless UBAC is enabled in SELinux policy. If it
were enabled, testuser would not be able to create any files in his/her
home directory.

Attached is a copy of the patch used in Fedora 11's shadow-utils-4.1.2-11.fc11 that
has been modified to apply last in the series of patches in the version
of passwd listed above. The patch also adds the -Z option to
useradd/usermod, which allows the SELinux user associated with a user to
be set when the user is created.
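
An added check for the mismatch described in this report (not part of the original report, the attached patch, or shadow's own code): it compares the SELinux user field of each home directory's label with the SELinux user the owner's login maps to, falling back to `__default__`. The sample inputs are constructed, the function names are this example's own, and it assumes the directory name equals the login name.

```shell
#!/bin/sh
# Constructed sample in the column layout of `semanage login -l`.
SAMPLE_LOGIN_MAP='Login Name           SELinux User         MLS/MCS Range

__default__          unconfined_u         s0
adminuser            root                 s0'

# Constructed sample of `ls -dZ /home/*` lines (context, then path).
SAMPLE_HOME_LABELS='unconfined_u:object_r:user_home_dir_t:s0 /home/gooduser
root:object_r:user_home_dir_t:s0 /home/testuser'

# expected_seuser LOGIN MAP: print the SELinux user LOGIN maps to,
# using the __default__ entry when LOGIN has no explicit mapping.
expected_seuser() {
    printf '%s\n' "$2" | awk -v login="$1" '
        NF < 2 || ($1 == "Login" && $2 == "Name") { next }
        $1 == login         { explicit = $2 }
        $1 == "__default__" { fallback = $2 }
        END { print (explicit != "" ? explicit : fallback) }'
}

# audit_home_labels MAP LABELS: print "path actual expected" for every
# directory whose label carries a different SELinux user than the mapping.
# Assumption: the directory name equals the login name.
audit_home_labels() {
    printf '%s\n' "$2" | while read -r line; do
        [ -n "$line" ] || continue
        path=${line##* }
        # The context is the field shaped like user:role:type[:range];
        # the last field (the path) is never considered.
        ctx=$(printf '%s\n' "$line" | awk '{
            for (i = 1; i < NF; i++)
                if ($i ~ /^[^:]+:[^:]+:[^:]+/) { print $i; exit }
        }')
        [ -n "$ctx" ] || continue
        actual=${ctx%%:*}
        expected=$(expected_seuser "${path##*/}" "$1")
        [ "$actual" = "$expected" ] || printf '%s %s %s\n' "$path" "$actual" "$expected"
    done
}

audit_home_labels "$SAMPLE_LOGIN_MAP" "$SAMPLE_HOME_LABELS"
```

On a live system, pass the output of `semanage login -l` and `ls -dZ /home/*` in place of the two sample variables.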

Marshall Miller (mmiller-tresys) wrote :
description: updated