Next: 5 Configuration elements for
Up: 4 Login by RBAC
Previous: 4.1 Check role
Contents
To do administrative work, you have to switch role to sysadm_r role.
You can do it by newrole command, like below.
# newrole -r sysadm_r
Authenticating root
Password:
You have to enter password of current user(this case root).
Then check role by id command.
# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),
3(sys),4(adm),6(disk),10(wheel)
context=root:sysadm_r:sysadm_t
Role is sysadm_r. Domain of user shell is sysadm_t. sysadm_t is
unconfined domain, so you can do any work.
To switch role, the user must be allowed to use the role, if the user is
not allowed to use the role, newrole will fail.
To allow user to use role, see next section.
2006-07-05