To configure access control for home directories, we can use
~/ . In a normal domain, it means the home directories of all users.
But in the configuration of a role, the meaning is different.
The rule is simple:
~/ means the home directories of the users that can use the role.
Let's see an example.
{
1:role webmaster_r;
2:user web1;
3:user web2;
4:allow ~/** r,w,s;
}
In this case, line 4 allows writing to the home directories of web1 and
web2.
So, when users web1/web2 log in with the webmaster_r role, they can read
and write their home directories, but cannot access other users' home
directories.
{
1:role user_r;
2:user user_u;
3:allow ~/** r,w,s;
}
user_u is supported, too. Line 3 means the home directories of user_u users.
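
The rule above, worked through for both role sections as an added example (not code from the original page or from the policy tool it describes). The ACCOUNTS table, the function names and the reading of ~/** as "everything under the home directory" are assumptions made for illustration.

```python
import re

# Constructed sample data (assumption): login -> (SELinux user, home directory).
ACCOUNTS = {"web1": ("web1", "/home/web1"), "web2": ("web2", "/home/web2"),
            "alice": ("user_u", "/home/alice"), "bob": ("user_u", "/home/bob")}

# The two role sections from the text, without the documentation line numbers.
POLICY = """
{ role webmaster_r; user web1; user web2; allow ~/** r,w,s; }
{ role user_r; user user_u; allow ~/** r,w,s; }
"""

def parse_roles(text):
    """Parse { role ...; user ...; allow ...; } sections into a dict keyed by role."""
    roles = {}
    for body in re.findall(r"\{(.*?)\}", text, flags=re.S):
        name, sec = None, {"users": [], "allows": []}
        for stmt in body.split(";"):
            words = stmt.split()
            if len(words) >= 2 and words[0] == "role":
                name = words[1]
            elif len(words) >= 2 and words[0] == "user":
                sec["users"].append(words[1])
            elif len(words) >= 3 and words[0] == "allow":
                sec["allows"].append((words[1], words[2].split(",")))
        if name:
            roles[name] = sec
    return roles

def expand_home_rules(sec, accounts):
    """In a role, ~/ stands for the home of every user that can use the role."""
    rules = []
    for login, (se_user, home) in sorted(accounts.items()):
        if se_user in sec["users"]:
            rules += [(login, home + path[1:], perms)
                      for path, perms in sec["allows"] if path.startswith("~/")]
    return rules

def role_covers(role, target, roles, accounts):
    """True if an expanded ~/** rule of the role covers the target path."""
    return any(pattern.endswith("/**") and target.startswith(pattern[:-2])
               for _, pattern, _ in expand_home_rules(roles[role], accounts))

if __name__ == "__main__":
    roles = parse_roles(POLICY)
    for role, sec in roles.items():
        for login, pattern, perms in expand_home_rules(sec, ACCOUNTS):
            print(f"{role}: {pattern} {','.join(perms)}  (home of {login})")
    print(role_covers("webmaster_r", "/home/alice/notes.txt", roles, ACCOUNTS))
```

Running it lists the concrete home directory patterns each role receives, which makes it easy to review that a role's ~/ rule does not reach the home directories of users outside the role.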