local.users(5) [debian man page]
local.users(5) SELinux configuration local.users(5) NAME
local.users - The SELinux local users configuration file. DESCRIPTION
The file contains local user definitions in the form of policy language user statements and is only found on older SELinux systems as it has been deprecated and replaced by the semange(8) services. This file is only read by selinux_mkload_policy(3) when SETLOCALDEFS in the SELinux config file (see selinux_config(5)) is set to 1. selinux_users_path(3) will return the active policy path to the directory where this file is located. The default local users file is: /etc/selinux/{SELINUXTYPE}/contexts/users/local.users Where {SELINUXTYPE} is the entry from the selinux configuration file config (see selinux_config(5)). FILE FORMAT
The file consists of one or more entries terminated with ';', each on a separate line as follows: user seuser_id roles role_id [[level level] [range range]]; Where: user The user keyword. seuser_id The SELinux user identifier. roles The roles keyword. role_id One or more previously declared role identifiers. Multiple role identifiers consist of a space separated list enclosed in braces '{}'. level If MLS/MCS is configured, the level keyword. level The users default security level. Note that only the sensitivity component of the level (e.g. s0) is required. range If MLS/MCS is configured, the range keyword. range The current and clearance levels that the user can run. These are separated by a hyphen '-' as shown in the EXAMPLE section. EXAMPLE
# ./users/local.users user test_u roles staff_r level s0 range s0 - s15:c0.c1023; SEE ALSO
selinux(8), semanage(8), selinux_users_path(3), selinux_config(5), selinux_mkload_policy(3) Security Enhanced Linux 28-Nov-2011 local.users(5)
Check Out this Related Man Page
user_contexts(5) SELinux configuration user_contexts(5) NAME
user_contexts - The SELinux user contexts configuration files DESCRIPTION
These optional user context configuration files contain entries that allow SELinux-aware login applications such as PAM(8) (running in their own process context), to determine the context that a users login session should run under. SELinux-aware login applications generally use one or more of the following libselinux functions that read these files from the active pol- icy path: get_default_context(3) get_ordered_context_list(3) get_ordered_context_list_with_level(3) get_default_context_with_level(3) get_default_context_with_role(3) get_default_context_with_rolelevel(3) query_user_context(3) manual_user_enter_context(3) There can be one file for each SELinux user configured on the system. The file path is formed using the path returned by selinux_user_contexts_path(3) for the active policy, with the SELinux user name appended, for example: /etc/selinux/{SELINUXTYPE}/contexts/users/unconfined_u /etc/selinux/{SELINUXTYPE}/contexts/users/xguest_u Where {SELINUXTYPE} is the entry from the selinux configuration file config (see selinux_config(5)). These files contain context information as described in the FILE FORMAT section. FILE FORMAT
Each line in the user context configuration file consists of the following: login_process user_login_process Where: login_process This consists of a role:type[:range] entry that represents the login process context. user_login_process This consists of a role:type[:range] entry that represents the user login process context. EXAMPLE
# Example for xguest_u at /etc/selinux/targeted/contexts/users/xguest_u system_r:crond_t:s0 xguest_r:xguest_t:s0 system_r:initrc_t:s0 xguest_r:xguest_t:s0 system_r:local_login_t:s0 xguest_r:xguest_t:s0 system_r:remote_login_t:s0 xguest_r:xguest_t:s0 system_r:sshd_t:s0 xguest_r:xguest_t:s0 system_r:xdm_t:s0 xguest_r:xguest_t:s0 xguest_r:xguest_t:s0 xguest_r:xguest_t:s0 SEE ALSO
selinux(8), selinux_user_contexts_path(3), PAM(8), get_ordered_context_list(3), get_ordered_context_list_with_level(3), get_default_context_with_level(3), get_default_context_with_role(3), get_default_context_with_rolelevel(3), query_user_context(3), manual_user_enter_context(3), selinux_config(5) Security Enhanced Linux 28-Nov-2011 user_contexts(5)