The following 3 roles are defined by default.
- sysadm_r
The role for the administrator. It runs as the unconfined
domain sysadm_t. By default, only root can log in with this role.
- staff_r
A role for administrative users to do non-administrative work.
By default, only root can log in with this role.
- user_r
A role for normal users. By default, user_u can log in as
root.
user_u is the user for accounts that have no RBAC configuration;
by default, that is every user except root.
- Attention
- The su command cannot be used, except in sysadm_r.
- Only users who can use sysadm_r can log in from gdm.
Logging in from other roles requires a lot of additional
configuration, and it may decrease security. By default,
only the root user can log in from X. If other users want to
log in from X, you have to allow them to use sysadm_r, but be
careful, because the behavior of such users is not confined
by SELinux.
- Configure to use sysadm_r
Usually, you will not log in as root directly; you
will use su, so you have to allow some user to use sysadm_r.
For example, to allow user ynakam to use sysadm_r, add the following line after user root; in /etc/seedit/policy/sysadm_r.sp.
user ynakam;
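Because every account listed in sysadm_r.sp runs unconfined, it helps to be able to list those accounts and to add one without duplicating it. The script below is an added example, not part of SELinux Policy Editor: the function names and the sample file are constructed, and the only syntax it relies on is the user NAME; line shown above.

```shell
#!/bin/sh
# Added example: audit and extend the "user NAME;" entries of a role file.
# Write a constructed sample (not the contents of a real sysadm_r.sp).
make_sample() {
    printf '%s\n' '# constructed sample, not a real sysadm_r.sp' \
        'user root;' '# (rest of the role definition would follow)' > "$1"
}

# Print every account named in a "user NAME;" line, one per line.
role_users() {
    sed -n 's/^[[:space:]]*user[[:space:]]\{1,\}\([^;[:space:]]\{1,\}\)[[:space:]]*;.*$/\1/p' "$1"
}

# Accounts other than root that may use the role. For sysadm_r these are
# unconfined, so the list should be short and every name expected.
non_root_role_users() {
    role_users "$1" | grep -v -x 'root' || true
}

# Add "user NAME;" directly after "user root;" unless already present.
# Returns 2 for an unsafe name, 3 if the file has no "user root;" line.
grant_role() {
    file=$1 name=$2
    case $name in
        ''|*[!A-Za-z0-9_.-]*) echo "refusing account name: $name" >&2; return 2 ;;
    esac
    if role_users "$file" | grep -q -x -F -- "$name"; then
        return 0    # already granted, nothing to do
    fi
    role_users "$file" | grep -q -x 'root' || return 3
    tmp=$(mktemp) || return 1
    # Write back with cat so the file keeps its owner, mode and label.
    awk -v n="$name" '
        { print }
        !added && /^[ \t]*user[ \t]+root[ \t]*;/ { print "user " n ";"; added = 1 }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Demo on the constructed sample.
sample=$(mktemp); make_sample "$sample"
grant_role "$sample" ynakam && non_root_role_users "$sample"   # prints: ynakam
rm -f "$sample"
```

Run grant_role against a copy of the policy file first and compare the result with the original before replacing it.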
2006-07-05