While I've some difficulty understanding the problem (item 2. in post #1), let me try to clarify some things:
On a system, you have login users (A) and non-login users (B). And, you have interactive (C) and non-interactive (D) access.
Combinations:
A+C is the normal user, logged in via a terminal (his interaction tool).
A+D can be a background process run by a logged in user, supplying the -l option to e.g. bash.
B+C would be an interactive shell run as a subprocess / subshell by an application.
B+D could be a service or a daemon started at boot time and running under a B user.
The command /usr/sbin/nologin (/bin/non-login I do not know about) is NOT a shell, but it prevents the respective user to log in.
Shells are command line interpreters (CLI) that enable the user to interact with the system. If your system has /ets/shells, list that to see some available shells:
Hi everybody,
Do you know how to hide the text for interactive unix shell script? Just like the case for inputting password during logon.
Patrick (1 Reply)
Can anybody help me to write a shell script to login interactive system
once u open a connection using telnet it will ask for
USERCODE:
PASSWORD:
DOMAIN: (1 Reply)
Q. Write a script that behaves both in interactive and non interactive mode. When no arguments are supplied it picks up each C program from the directory and prints first 10 lines.
It then prompts for deletion of the file.
If user supplies arguments with the script , then it works on those files... (1 Reply)
1)
ssh a@b
echo $USER it display the correct value as a (even though i have not defined it in .profile)
2)
remsh b -l a
echo $USER it does not display the value as a (variable is not set
any idea why $USER variable is not initialized when i login via remsh or rlogin but shows the... (10 Replies)
Hi Guys,
Excuse if am asking silly Que ... :rolleyes:
Please explain me whats difference between login and interactive shell in Linux .. Have googled but still in doubt .. :confused:
--Shirish Shukla (4 Replies)
Hi Every body,
I would need a shell script program to login as different user and perform some copy commands in the script.
example: Supppose ora_toms is the active user
ora_toms should be able to run a script where user: ftptomsp pass: XXX should login through and run the commands
... (9 Replies)
Use and complete the template provided. The entire template must be completed. If you don't, your post may be deleted!
1. The problem statement, all variables and given/known data:
I am a root in a Unix system. My shell is bash.
2. Relevant commands, code, scripts, algorithms:
How to set... (1 Reply)
Hello and thanks in advance for any help anyone can offer to straighten me out on this subject
I'm trying to understand non-interactive & non-login shells and having a hard time conceptualize the process a non-interactive & non-login shell goes through to start up. Particularly for background... (7 Replies)
Hello, I want to start out by saying that I am fairly new to scripting and am looking for someone that can point me in the right direction.
Basically what I need is a way to run a interactive script that will prompt users with questions weather that be yes/no or a specific answer.. I want to be... (3 Replies)
Discussion started by: shoutcast
3 Replies
LEARN ABOUT CENTOS
httpd_webalizer_script_selinux
httpd_webalizer_script_selinux(8) SELinux Policy httpd_webalizer_script httpd_webalizer_script_selinux(8)NAME
httpd_webalizer_script_selinux - Security Enhanced Linux Policy for the httpd_webalizer_script processes
DESCRIPTION
Security-Enhanced Linux secures the httpd_webalizer_script processes via flexible mandatory access control.
The httpd_webalizer_script processes execute with the httpd_webalizer_script_t SELinux type. You can check if you have these processes run-
ning by executing the ps command with the -Z qualifier.
For example:
ps -eZ | grep httpd_webalizer_script_t
ENTRYPOINTS
The httpd_webalizer_script_t SELinux type can be entered via the shell_exec_t, httpd_webalizer_script_exec_t, httpd_webalizer_script_exec_t
file types.
The default entrypoint paths for the httpd_webalizer_script_t domain are the following:
/bin/d?ash, /bin/zsh.*, /bin/ksh.*, /usr/bin/d?ash, /usr/bin/zsh.*, /usr/bin/ksh.*, /bin/esh, /bin/mksh, /bin/sash, /bin/tcsh, /bin/yash,
/bin/bash, /bin/fish, /bin/bash2, /usr/bin/esh, /usr/bin/sash, /usr/bin/tcsh, /usr/bin/yash, /usr/bin/fish, /usr/bin/mksh, /usr/bin/bash,
/sbin/nologin, /usr/sbin/sesh, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/scponly, /usr/sbin/nologin, /usr/libexec/sesh, /usr/sbin/scponlyc,
/usr/bin/git-shell, /usr/libexec/git-core/git-shell
PROCESS TYPES
SELinux defines process types (domains) for each process running on the system
You can see the context of a process using the -Z option to ps
Policy governs the access confined processes have to files. SELinux httpd_webalizer_script policy is very flexible allowing users to setup
their httpd_webalizer_script processes in as secure a method as possible.
The following process types are defined for httpd_webalizer_script:
httpd_webalizer_script_t
Note: semanage permissive -a httpd_webalizer_script_t can be used to make the process type httpd_webalizer_script_t permissive. SELinux
does not deny access to permissive process types, but the AVC (SELinux denials) messages are still generated.
BOOLEANS
SELinux policy is customizable based on least access required. httpd_webalizer_script policy is extremely flexible and has several bool-
eans that allow you to manipulate the policy and run httpd_webalizer_script with the tightest access possible.
If you want to deny any process from ptracing or debugging any other processes, you must turn on the deny_ptrace boolean. Enabled by
default.
setsebool -P deny_ptrace 1
If you want to allow all domains to use other domains file descriptors, you must turn on the domain_fd_use boolean. Enabled by default.
setsebool -P domain_fd_use 1
If you want to allow all domains to have the kernel load modules, you must turn on the domain_kernel_load_modules boolean. Disabled by
default.
setsebool -P domain_kernel_load_modules 1
If you want to allow all domains to execute in fips_mode, you must turn on the fips_mode boolean. Enabled by default.
setsebool -P fips_mode 1
If you want to enable reading of urandom for all domains, you must turn on the global_ssp boolean. Disabled by default.
setsebool -P global_ssp 1
If you want to allow httpd cgi support, you must turn on the httpd_enable_cgi boolean. Disabled by default.
setsebool -P httpd_enable_cgi 1
If you want to allow system to run with NIS, you must turn on the nis_enabled boolean. Disabled by default.
setsebool -P nis_enabled 1
MANAGED FILES
The SELinux process type httpd_webalizer_script_t can manage files labeled with the following file types. The paths listed are the default
paths for these file types. Note the processes UID still need to have DAC permissions.
httpd_webalizer_rw_content_t
COMMANDS
semanage fcontext can also be used to manipulate default file context mappings.
semanage permissive can also be used to manipulate whether or not a process type is permissive.
semanage module can also be used to enable/disable/install/remove policy modules.
semanage boolean can also be used to manipulate the booleans
system-config-selinux is a GUI tool available to customize SELinux policy settings.
AUTHOR
This manual page was auto-generated using sepolicy manpage .
SEE ALSO selinux(8), httpd_webalizer_script(8), semanage(8), restorecon(8), chcon(1), sepolicy(8) , setsebool(8)httpd_webalizer_script 14-06-10 httpd_webalizer_script_selinux(8)