When RBAC is enabled, a role is assigned to each user at login.
You can see it with the id command.
When you log in as root, the staff_r role is assigned.
root is allowed to use both staff_r and sysadm_r, but the login program
assigns the staff_r role.
Let's check it with the id command.
# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),
3(sys),4(adm),6(disk),10(wheel)
context=root:staff_r:staff_t
The line context=root:staff_r:staff_t
shows the role: staff_r is the role. The user's shell is given a domain
according to the role, in this case staff_t. Inside SELinux, the domain is
used for access control.
staff_r is given few access rights. You cannot do any
administration work in this role.
For example, you cannot access the home page.
# cat /var/www/html/index.html
Permission denied
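As an added example (not part of the original manual), the shell functions below extract the context= field from id output like the one above, split it into user, role and domain, and report whether the session runs in an administrative role. The function names and the choice of sysadm_r as the only administrative role are assumptions; the optional fourth (level) field goes beyond the three-field context shown here and appears on systems with MLS/MCS policies.

```sh
#!/bin/sh
# Constructed sample: the id output shown above, wrapped as on this page.
SAMPLE_ID='uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),
3(sys),4(adm),6(disk),10(wheel)
context=root:staff_r:staff_t'
ADMIN_ROLES='sysadm_r'   # assumption: roles treated as administrative

# Print the value of the context= field; return 1 if id printed none.
id_context() {
    ctx=$(printf '%s\n' "$1" | tr ' ' '\n' | sed -n 's/^context=//p' | head -n 1)
    [ -n "$ctx" ] || return 1
    printf '%s\n' "$ctx"
}

# usage: context_field <context> user|role|type|level
# Only the first three colons separate fields: a level such as
# s0-s0:c0.c1023 contains a colon of its own.
context_field() {
    case $1 in *:*:*) ;; *) return 1 ;; esac   # need user:role:type
    rest=$1
    cuser=${rest%%:*}; rest=${rest#*:}
    crole=${rest%%:*}; rest=${rest#*:}
    case $rest in
        *:*) ctype=${rest%%:*}; clevel=${rest#*:} ;;
        *)   ctype=$rest; clevel= ;;
    esac
    case $2 in
        user)  printf '%s\n' "$cuser" ;;
        role)  printf '%s\n' "$crole" ;;
        type)  printf '%s\n' "$ctype" ;;
        level) printf '%s\n' "$clevel" ;;
        *)     return 1 ;;
    esac
}

# Summarise the role and domain of a session from its id output.
session_summary() {
    c=$(id_context "$1") || { echo 'no SELinux context'; return 1; }
    r=$(context_field "$c" role) || return 1
    d=$(context_field "$c" type) || return 1
    case " $ADMIN_ROLES " in
        *" $r "*) admin=yes ;;
        *)        admin=no ;;
    esac
    printf 'role=%s domain=%s admin=%s\n' "$r" "$d" "$admin"
}

session_summary "$SAMPLE_ID"   # on a live system: session_summary "$(id)"
```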
2006-07-05