Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

semanage-user(8) [centos man page]

semanage-user(8)														  semanage-user(8)

NAME

       semanage user- SELinux Policy Management SELinux User mapping tool

SYNOPSIS

       semanage  user [-h] [-n] [-N] [-s STORE] [ --add ( -L LEVEL -R ROLES -r RANGE -s SEUSER selinux_name) | --delete selinux_name | --deleteall
       | --extract | --list [-C] | --modify ( -L LEVEL -R ROLES -r RANGE -s SEUSER selinux_name ) ]

DESCRIPTION

       semanage is used to configure certain elements of SELinux policy without requiring modification to or recompilation  from  policy  sources.
       semanage user controls the mapping between an SELinux User and the roles and MLS/MCS levels.

OPTIONS

       -h, --help
	      show this help message and exit

       -n, --noheading
	      Do not print heading when listing the specified object type

       -N, --noreload
	      Do not reload policy after commit

       -S STORE, --store STORE
	      Select an alternate SELinux Policy Store to manage

       -C, --locallist
	      List local customizations

       -a, --add
	      Add a record of the specified object type

       -d, --delete
	      Delete a record of the specified object type

       -m, --modify
	      Modify a record of the specified object type

       -l, --list
	      List records of the specified object type

       -E, --extract
	      Extract customizable commands, for use within a transaction

       -D, --deleteall
	      Remove all local customizations

       -L LEVEL, --level LEVEL
	      Default SELinux Level for SELinux user, s0 Default. (MLS/MCS Systems only)

       -r RANGE, --range RANGE
	      MLS/MCS  Security  Range	(MLS/MCS  Systems only) SELinux Range for SELinux login mapping defaults to the SELinux user record range.
	      SELinux Range for SELinux user defaults to s0.

       -R [ROLES], --roles [ROLES]
	      SELinux Roles. You must enclose multiple roles within quotes, separate by spaces. Or specify -R multiple times.

EXAMPLE

       List SELinux users
       # semanage user -l
       Modify groups for staff_u user
       # semanage user -m -R "system_r unconfined_r staff_r" staff_u
       Add level for TopSecret Users
       # semanage user -a -R "staff_r" -rs0-TopSecret topsecret_u

SEE ALSO

       selinux (8), semanage (8) semanage-login (8)

AUTHOR

       This man page was written by Daniel Walsh <dwalsh@redhat.com>

								     20130617							  semanage-user(8)

Check Out this Related Man Page

semanage(8)															       semanage(8)

NAME

       semanage - SELinux Policy Management tool

SYNOPSIS

       semanage {import,export,login,user,port,interface,module,node,fcontext,boolean,permissive,dontaudit}
		       ...  positional arguments:

       import Import local customizations

       export Output local customizations

       login Manage login mappings between linux users and SELinux confined users

       user Manage SELinux confined users (Roles and levels for an SELinux user)

       port Manage network port type definitions

       interface Manage network interface type definitions

       module Manage SELinux policy modules

       node Manage network node type definitions

       fcontext Manage file context mapping definitions

       boolean Manage booleans to selectively enable functionality

       permissive Manage process type enforcement mode

       dontaudit Disable/Enable dontaudit rules in policy

DESCRIPTION

       semanage  is  used  to configure certain elements of SELinux policy without requiring modification to or recompilation from policy sources.
       This includes the mapping from Linux usernames to SELinux user identities (which controls the initial security context  assigned  to  Linux
       users when they login and bounds their authorized role set) as well as security context mappings for various kinds of objects, such as net-
       work ports, interfaces, and nodes (hosts) as well as the file context mapping. See the EXAMPLES section below for some examples	of  common
       usage.	Note  that  the  semanage login command deals with the mapping from Linux usernames (logins) to SELinux user identities, while the
       semanage user command deals with the mapping from SELinux user identities to authorized role sets.  In most cases, only the former  mapping
       needs to be adjusted by the administrator; the latter is principally defined by the base policy and usually does not require modification.

OPTIONS

       -h, --help
	      List help information

SEE ALSO

       selinux (8), semanage-boolean (8), semanage-dontaudit (8), semanage-export (8), semanage-fcontext (8), semanage-import (8), semanage-inter-
       face (8), semanage-login (8), semanage-module (8), semanage-node (8), semanage-permissive (8), semanage-port (8), semanage-user (8)

AUTHOR

       This man page was written by Daniel Walsh <dwalsh@redhat.com>
       and Russell Coker <rcoker@redhat.com>.
       Examples by Thomas Bleher <ThomasBleher@gmx.de>.  usage: semanage [-h]

								     20100223							       semanage(8)
Man Page