Hi,

Check the output for the same.

*getsebool -a | grep ssh*

fenced_can_ssh --> off
selinuxuser_use_ssh_chroot --> on
ssh_chroot_rw_homedirs --> off
ssh_keysign --> off
ssh_sysadm_login --> on

On Wed, Nov 29, 2017 at 1:52 PM, Dominick Grift <[email protected]> wrote:

> On Wed, Nov 29, 2017 at 09:33:31AM +0530, Aman Sharma wrote:
> > Hi Stephen,
> >
> > Below is the output of command :
> >
> > *sestatus -v output*
> > *SELinux status: enabled*
> > *SELinuxfs mount: /sys/fs/selinux*
> > *SELinux root directory: /etc/selinux*
> > *Loaded policy name: targeted*
> > *Current mode: enforcing*
> > *Mode from config file: permissive*
> > *Policy MLS status: enabled*
> > *Policy deny_unknown status: allowed*
> > *Max kernel policy version: 28*
> >
> > *Process contexts:*
> > *Current context: system_u:system_r:unconfined_t:s0-s0:c0.c1023*
> > *Init context: system_u:system_r:init_t:s0*
> > */usr/sbin/sshd system_u:system_r:sshd_t:s0-s0:c0.c1023*
> >
> > *File contexts:*
> > *Controlling terminal: system_u:object_r:sshd_devpts_t:s0*
> > */etc/passwd system_u:object_r:passwd_file_t:s0*
> > */etc/shadow system_u:object_r:shadow_t:s0*
> > */bin/bash system_u:object_r:shell_exec_t:s0*
> > */bin/login system_u:object_r:login_exec_t:s0*
> > */bin/sh system_u:object_r:bin_t:s0 -> system_u:object_r:shell_exec_t:s0*
> > */sbin/agetty system_u:object_r:getty_exec_t:s0*
> > */sbin/init system_u:object_r:bin_t:s0 -> system_u:object_r:init_exec_t:s0*
> > */usr/sbin/sshd system_u:object_r:sshd_exec_t:s0*
> > */lib/libc.so.6 system_u:object_r:lib_t:s0 -> system_u:object_r:lib_t:s0*
> > */lib/ld-linux.so.2 system_u:object_r:lib_t:s0 -> system_u:object_r:ld_so_t:s0*
> >
> > *Also I am using ssh session for login.*
> >
> > *Please let me know how to change id command context to unconfined_u or sysadm_u.*
> >
> > Thanks in advance
> > Aman
>
> not sure and shot in dark, but:
>
> root is assoc. with sysadm_u. sysadm_u is only authorized to use sysadm_r.
> if you have the boolean ssh_priv_login set to off then
> sysadm_u:sysadm_r:sysadm_t:s0 is inaccessible
> pam_selinux attempts to use any other contexts that are accessible, and it
> appears that system_u:system_r:unconfined_t was it.
>
> Do you have the ssh_priv_login boolean set to off? `getsebool -a | grep ssh`
>
> >
> > On Mon, Nov 27, 2017 at 9:29 PM, Stephen Smalley <[email protected]> wrote:
> >
> > > On Fri, 2017-11-24 at 10:47 +0530, Aman Sharma wrote:
> > > >
> > > > Hi All,
> > > >
> > > > Currently working on CentOS 7.3 and logged in as a root user, and my id
> > > > command output is:
> > > >
> > > > id
> > > > uid=0(root) gid=0(root) groups=0(root) context=system_u:system_r:unconfined_t:s0-s0:c0.c1023
> > > >
> > > > I want to change system_u:system_r:unconfined_t to sysadm_u:sysadm_r
> > > > or unconfined_u:unconfined_r.
> > > >
> > > > Also showing the output of following command :
> > > >
> > > > semanage user -l
> > > >
> > > >                 Labeling   MLS/       MLS/
> > > > SELinux User    Prefix     MCS Level  MCS Range        SELinux Roles
> > > >
> > > > admin_u         user       s0         s0-s0:c0.c1023   sysadm_r system_r
> > > > guest_u         user       s0         s0               guest_r
> > > > root            user       s0         s0-s0:c0.c1023   staff_r sysadm_r
> > > > specialuser_u   user       s0         s0               sysadm_r system_r
> > > > staff_u         user       s0         s0-s0:c0.c1023   staff_r sysadm_r system_r
> > > > sysadm_u        user       s0         s0-s0:c0.c1023   sysadm_r
> > > > system_u        user       s0         s0-s0:c0.c1023   system_r
> > > > unconfined_u    user       s0         s0-s0:c0.c1023   system_r unconfined_r
> > > > user_u          user       s0         s0               user_r
> > > > xguest_u        user       s0         s0               xguest_r
> > > >
> > > >
> > > > semanage login -l
> > > >
> > > > Login Name      SELinux User    MLS/MCS Range    Service
> > > >
> > > > __default__     sysadm_u        s0-s0:c0.c1023   *
> > > > ccmservice      specialuser_u   s0               *
> > > > cucm            admin_u         s0-s0:c0.c1023   *
> > > > drfkeys         specialuser_u   s0               *
> > > > drfuser         specialuser_u   s0               *
> > > > informix        specialuser_u   s0               *
> > > > pwrecovery      specialuser_u   s0               *
> > > > root            sysadm_u        s0-s0:c0.c1023   *
> > > > sftpuser        specialuser_u   s0               *
> > > > system_u        sysadm_u        s0-s0:c0.c1023   *
> > > >
> > > >
> > > > Can anybody please help me.
> > >
> > > What is your sestatus -v output? How are you logging in (console, gdm,
> > > ssh, ...)?
> > >
> > > You don't appear to be running the default policy, or if you are,
> > > someone has heavily customized your user and login mappings.
> > >
> >
> > --
> >
> > Thanks
> > Aman
> > Cell: +91 9990296404 | Email ID : [email protected]
>
> --
> Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
> https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
> Dominick Grift
>

--
Thanks
Aman
Cell: +91 9990296404 | Email ID : [email protected]
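
The comparison made by eye in this thread (the context `id` reports versus what the login and user mappings allow), as an added Python example that is not part of the original messages. The table rows are constructed from the `semanage` output quoted above, and the function names are hypothetical.

```python
# Constructed sample input: rows taken from the `semanage login -l` and
# `semanage user -l` tables quoted in this thread (header lines dropped).
LOGIN_TABLE = """\
__default__  sysadm_u       s0-s0:c0.c1023  *
cucm         admin_u        s0-s0:c0.c1023  *
root         sysadm_u       s0-s0:c0.c1023  *
sftpuser     specialuser_u  s0              *
"""
USER_TABLE = """\
admin_u       user  s0  s0-s0:c0.c1023  sysadm_r system_r
sysadm_u      user  s0  s0-s0:c0.c1023  sysadm_r
system_u      user  s0  s0-s0:c0.c1023  system_r
unconfined_u  user  s0  s0-s0:c0.c1023  system_r unconfined_r
"""

def parse_logins(text):
    """Map Linux login name -> SELinux user (first two columns)."""
    rows = (line.split() for line in text.splitlines())
    return {f[0]: f[1] for f in rows if len(f) >= 2}

def parse_users(text):
    """Map SELinux user -> set of authorized roles (fields after the MCS range)."""
    rows = (line.split() for line in text.splitlines())
    return {f[0]: set(f[4:]) for f in rows if len(f) >= 5}

def check_login(login, context, logins, users):
    """Compare an `id -Z` style context with what the mappings allow."""
    # The level itself contains ':' (s0-s0:c0.c1023), so split only three times.
    se_user, role, _se_type, _level = context.split(":", 3)
    # A login without its own row falls back to the __default__ mapping.
    expected_user = logins.get(login, logins.get("__default__"))
    allowed_roles = users.get(expected_user, set())
    problems = []
    if se_user != expected_user:
        problems.append(f"user {se_user} != mapped user {expected_user}")
    if role not in allowed_roles:
        problems.append(f"role {role} not authorized for {expected_user} "
                        f"(allowed: {sorted(allowed_roles)})")
    return expected_user, problems

if __name__ == "__main__":
    logins, users = parse_logins(LOGIN_TABLE), parse_users(USER_TABLE)
    observed = "system_u:system_r:unconfined_t:s0-s0:c0.c1023"  # from `id` in the thread
    expected, problems = check_login("root", observed, logins, users)
    print(f"root is mapped to {expected}")
    for p in problems:
        print("MISMATCH:", p)
```

On a live system the two tables would come from `semanage login -l` and `semanage user -l`, and the context from `id -Z`.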
