Difference between revisions of "Redhat: SELINUX Users"
Jump to navigation
Jump to search
| Line 44: | Line 44: | ||
semanage login -a -s user_u michael | semanage login -a -s user_u michael | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| + | |||
| + | This modifies the targeted policy store and sets the MLS range to level s0 | ||
Revision as of 20:15, 17 August 2013
Default Regular Users
In RHEL 6 with a default insall, all regular "Default" users have the same privileges as the root user. This is shown using the semanage.
semanage login -l
Login Name SELinux User MLS/MCS Range
__default__ unconfined_u s0-s0:c0.c1023
root unconfined_u s0-s0:c0.c1023
system_u system_u s0-s0:c0.c1023This is confirmed when by running the id -Z command as a regular user:
Needs to be added
SELinux User Roles
| guest_u | No GUI, No Networking, no access to su or sudo |
| xguest_u | GUI, Networking only through firefox |
| user_u | GUI and Networking |
| staff_u | GUI, Networking and Sudo |
| unconfined_u | Full System Access |
Confining a user with SELinux
Regular users should be confined by SELinux. If and when user accounts are compromised, SELinux will limit any damage that can be done. To set user michael to the user_u role:
semanage login -a -s user_u michaelThis modifies the targeted policy store and sets the MLS range to level s0