Red Hat SummitCe contenu n'est pas disponible dans la langue sélectionnée.
6.3. Confining Existing Linux Users: semanage login
If a Linux user is mapped to the SELinux
unconfined_u user (the default behavior), and you would like to change which SELinux user they are mapped to, use the semanage login command. The following example creates a new Linux user named newuser, then maps that Linux user to the SELinux user_u user:
Procedure 6.2. Mapping Linux Users to the SELinux Users
- As root, create a new Linux user (
newuser). Since this user uses the default mapping, it does not appear in thesemanage login -loutput:useradd newuser
~]# useradd newuserCopy to Clipboard Copied! Toggle word wrap Toggle overflow Copy to Clipboard Copied! Toggle word wrap Toggle overflow - To map the Linux
newuseruser to the SELinuxuser_uuser, enter the following command as root:semanage login -a -s user_u newuser
~]# semanage login -a -s user_u newuserCopy to Clipboard Copied! Toggle word wrap Toggle overflow The-aoption adds a new record, and the-soption specifies the SELinux user to map a Linux user to. The last argument,newuser, is the Linux user you want mapped to the specified SELinux user. - To view the mapping between the Linux
newuseruser anduser_u, use thesemanageutility again:Copy to Clipboard Copied! Toggle word wrap Toggle overflow - As root, assign a password to the Linux
newuseruser:Copy to Clipboard Copied! Toggle word wrap Toggle overflow - Log out of your current session, and log in as the Linux
newuseruser. Enter the following command to view thenewuser's SELinux context:id -Z
~]$ id -Z user_u:user_r:user_t:s0Copy to Clipboard Copied! Toggle word wrap Toggle overflow - Log out of the Linux
newuser's session, and log back in with your account. If you do not want the Linuxnewuseruser, enter the following command as root to remove it, along with its home directory:userdel -r newuser
~]# userdel -r newuserCopy to Clipboard Copied! Toggle word wrap Toggle overflow As root, remove the mapping between the Linuxnewuseruser anduser_u:semanage login -d newuser
~]# semanage login -d newuserCopy to Clipboard Copied! Toggle word wrap Toggle overflow Copy to Clipboard Copied! Toggle word wrap Toggle overflow
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}