service_seusers(5) SELinux configuration service_seusers(5)NAME
service_seusers - The SELinux GNU/Linux user and service to SELinux user mapping configuration files.
DESCRIPTION
These are optional files that allow services to define an SELinux user when authenticating via SELinux-aware login applications such as
PAM(8).
There is one file for each GNU/Linux user name that will be required to run a service with a specific SELinux user name.
The path for each configuration file is formed by the path returned by selinux_policy_root(3) with /logins/username appended (where user-
name is a file representing the GNU/Linux user name). The default services directory is located at:
/etc/selinux/{SELINUXTYPE}/logins
Where {SELINUXTYPE} is the entry from the selinux configuration file config (see selinux_config(5)).
getseuser(3) reads this file to map services to an SELinux user.
FILE FORMAT
Each line within the username file is formatted as follows with each component separated by a colon:
service:seuser[:range]
Where:
service
The service name used by the application.
seuser
The SELinux user name.
range
The range for MCS/MLS policies.
EXAMPLES
Example 1 - for the 'root' user:
# ./logins/root
ipa:user_u:s0
this_service:unconfined_u:s0
Example 2 - for GNU/Linux user 'rch':
# ./logins/rch
ipa:unconfined_u:s0
that_service:unconfined_u:s0
SEE ALSO selinux(8), PAM(8), selinux_policy_root(3), getseuser(3), selinux_config(5)Security Enhanced Linux 28-Nov-2011 service_seusers(5)
Check Out this Related Man Page
local.users(5) SELinux configuration local.users(5)NAME
local.users - The SELinux local users configuration file.
DESCRIPTION
The file contains local user definitions in the form of policy language user statements and is only found on older SELinux systems as it
has been deprecated and replaced by the semange(8) services.
This file is only read by selinux_mkload_policy(3) when SETLOCALDEFS in the SELinux config file (see selinux_config(5)) is set to 1.
selinux_users_path(3) will return the active policy path to the directory where this file is located. The default local users file is:
/etc/selinux/{SELINUXTYPE}/contexts/users/local.users
Where {SELINUXTYPE} is the entry from the selinux configuration file config (see selinux_config(5)).
FILE FORMAT
The file consists of one or more entries terminated with ';', each on a separate line as follows:
user seuser_id roles role_id [[level level] [range range]];
Where:
user
The user keyword.
seuser_id
The SELinux user identifier.
roles
The roles keyword.
role_id
One or more previously declared role identifiers. Multiple role identifiers consist of a space separated list enclosed in
braces '{}'.
level
If MLS/MCS is configured, the level keyword.
level
The users default security level. Note that only the sensitivity component of the level (e.g. s0) is required.
range
If MLS/MCS is configured, the range keyword.
range
The current and clearance levels that the user can run. These are separated by a hyphen '-' as shown in the EXAMPLE section.
EXAMPLE
# ./users/local.users
user test_u roles staff_r level s0 range s0 - s15:c0.c1023;
SEE ALSO selinux(8), semanage(8), selinux_users_path(3), selinux_config(5), selinux_mkload_policy(3)Security Enhanced Linux 28-Nov-2011 local.users(5)
We are searching for DEVICE MAPPER TABLE FORMAT and how to access it through user space??
We are working on enhancement in multipatrhing as 1] scalable path testing 2] event mechanism 3] i/o load sharing.
So we need to access device info as well as all paths to that device, devices status,paths... (1 Reply)
Hi,
Has anyone enabled SELinux on Amazon EC2?
I tried to enable SELinux using a CentOS image, and the steps in the following post, but it didn't work!!
Amazon Web Services Developer Community : Has anyone successfully enabled SELinux ...
The steps i took:
1)I started with CentOS 5.3 base... (5 Replies)
I have an external drive (1 TB) attached via usb to a server running Red Hat Linux 6.2. During an application install one step requires perms set by root. Even though I could ls -l and see that root was able to do the 4755 but the install would fail. Someone pointed out the dot in the permission... (3 Replies)
Initial SELinux context for user hitendra
$ id -Z
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
I changed the role
# semanage login -a -s user_u hitendra
#
Then I logged in again
# su - hitendra
$ id -Z
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
$
But I don't... (1 Reply)