Redhat: SELINUX Users

From Define Wiki
Jump to navigation Jump to search

Default Regular Users

In RHEL 6 with a default insall, all regular "Default" users have the same privileges as the root user. This is shown using the semanage. 

semanage login -l

Login Name                SELinux User              MLS/MCS Range

__default__               unconfined_u              s0-s0:c0.c1023
root                      unconfined_u              s0-s0:c0.c1023
system_u                  system_u                  s0-s0:c0.c1023

This is confirmed when by running the id -Z command as a regular user: 

Needs to be added


SELinux User Roles

guest_u No GUI, No Networking, no access to su or sudo
xguest_u GUI, Networking only through firefox
user_u GUI and Networking
staff_u GUI, Networking and Sudo
unconfined_u Full System Access

Confining a user with SELinux

Regular users should be confined by SELinux. If and when user accounts are compromised, SELinux will limit any damage that can be done. To set user michael to the user_u role use the command below. This modifies the targeted policy store and sets the MLS range to level s0 


semanage login -a -s user_u michael
Retrieved from "http://wiki.define-technology.com/mediawiki-1.35.0/index.php?title=Redhat:_SELINUX_Users&oldid=3144"