On Sunday 26 February 2006 14:05, Stuart Sears wrote: > On Sunday 26 February 2006 11:34, Anne Wilson wrote: > > SELinux is installed but disabled, according to > > system-config-services, > > I hope you mean system-config-securitylevel :) Oops - yes. > getenforce (as root) will confirm this for you. It will report > Disabled, Permissive, or Enforcing. It reports Disabled. > only the 3rd of these will cause SElinux to forbid actions on your > system. > is this FC3 or FC4 or one of the FC5 test releases? > This is FC4. > > yet I have problems with permissions which > > appear to get re-set. When I change the permissions attributes of a > > folder I always get an error dialogue. The perms appear to change, > > but later I find that they have been re-set. This makes sharing > > folders difficult if I want to enforce owner/group attributes. > > which folders* are these? > do they belong to you (your current logged-in user)? On the server box, there is a public directory at top leve, /Public and also a public directory below my home, /home/anne/Anne-Public (different purposes). > how are you changing their permissions? In both those cases I was using kdesu konqueror. I've changed perms on quite a few files and directories, some from konqueror and some from the CLI, that have been fine, but others give me that error dialogue, and they seem to revert. I haven't kept a record of which ones stick and which ones don't, so perhaps I should. Another thing that I've noticed when changing permissions recursively in my own directory is that some branches follow through, while others cause the error and do not get changed. > are they mountpoints created automatically by udev? > exactly what do the error messages say? > Nothing useful - just 'Error -' and the name of the file/directory. > > Is this being caused by SELinux or something else? > > are you seeing errors in /var/log/audit/audit.log? I don't think there's anything that relates to this. There are a bunch like type=USER_CHAUTHTOK msg=audit(1139487880.406:1865302): user pid=5883 uid=0 auid=4294967295 msg='useradd: op=adding user acct=dbus res=failed' a couple like type=USER_AUTH msg=audit(1139506523.247:6): user pid=2571 uid=0 auid=4294967295 msg='PAM authentication: user=? exe="/usr/bin/gdm-binary" (hostname=?, addr=?, terminal=:0 result=Authentication failure)' and a few cups problems like type=USER_AUTH msg=audit(1139680324.390:85): user pid=2101 uid=0 auid=4294967295 msg='PAM authentication: user=root exe="/usr/sbin/cupsd" (hostname=?, addr=?, terminal=? result=Authentication failure)' type=USER_AUTH msg=audit(1139680396.628:86): user pid=2101 uid=0 auid=4294967295 msg='PAM authentication: user=root exe="/usr/sbin/cupsd" (hostname=?, addr=?, terminal=? result=Success)' > AFAIK SElinux does not change the standard UNIX-style permissions on > files or directories. > I wondered if certain files/directories were protected by default. I also wondered if I have imported problem when copying files across from my old Mandriva installation. My plan was to keep SELinux out of the picture until I was sure everthing was behaving correctly, then introduce it when I could study and control the effects. This is new to me. I've used a firewall before, shorewall, but that's all. The software firewall is secondary to the hardware one. I could also be being influenced by my experiences with Mandriva's msec, where you had to exclude certain things specifically if you didn't want them to be controlled ;-) Anne
Attachment:
pgpbHHWhsgCl5.pgp
Description: PGP signature
