seusers(5) SELinux configuration seusers(5)NAME
seusers - The SELinux GNU/Linux user to SELinux user mapping configuration file.
DESCRIPTION
The seusers file contains a list GNU/Linux user to SELinux user mapping for use by SELinux-aware login applications such as PAM(8).
selinux_usersconf_path(3) will return the active policy path to this file. The default SELinux users mapping file is located at:
/etc/selinux/{SELINUXTYPE}/seusers
Where {SELINUXTYPE} is the entry from the selinux configuration file config (see selinux_config(5)).
getseuserbyname(3) reads this file to map a GNU/Linux user or group to an SELinux user.
FILE FORMAT
Each line of the seusers configuration file consists of the following:
[%group_id]|[user_id]:seuser_id[:range]
Where:
group_id|user_id
The GNU/Linux user id, or if preceded by the percentage (%) symbol, then a GNU/Linux group id.
An optional entry set to __default__ can be provided as a fall back if required.
seuser_id
The SELinux user identity.
range
The optional level or range for an MLS/MCS policy.
EXAMPLE
# ./seusers
system_u:system_u:s0-s15:c0.c255
root:root:s0-s15:c0.c255
fred:user_u:s0
__default__:user_u:s0
%user_group:user_u:s0
SEE ALSO selinux(8), PAM(8), selinux_usersconf_path(3), getseuserbyname(3), selinux_config(5)Security Enhanced Linux 28-Nov-2011 seusers(5)
Check Out this Related Man Page
service_seusers(5) SELinux configuration service_seusers(5)NAME
service_seusers - The SELinux GNU/Linux user and service to SELinux user mapping configuration files
DESCRIPTION
These are optional files that allow services to define an SELinux user when authenticating via SELinux-aware login applications such as
PAM(8).
There is one file for each GNU/Linux user name that will be required to run a service with a specific SELinux user name.
The path for each configuration file is formed by the path returned by selinux_policy_root(3) with /logins/username appended (where user-
name is a file representing the GNU/Linux user name). The default services directory is located at:
/etc/selinux/{SELINUXTYPE}/logins
Where {SELINUXTYPE} is the entry from the selinux configuration file config (see selinux_config(5)).
getseuser(3) reads this file to map services to an SELinux user.
FILE FORMAT
Each line within the username file is formatted as follows with each component separated by a colon:
service:seuser[:range]
Where:
service
The service name used by the application.
seuser
The SELinux user name.
range
The range for MCS/MLS policies.
EXAMPLES
Example 1 - for the 'root' user:
# ./logins/root
ipa:user_u:s0
this_service:unconfined_u:s0
Example 2 - for GNU/Linux user 'rch':
# ./logins/rch
ipa:unconfined_u:s0
that_service:unconfined_u:s0
SEE ALSO selinux(8), PAM(8), selinux_policy_root(3), getseuser(3), selinux_config(5)Security Enhanced Linux 28-Nov-2011 service_seusers(5)
Hi,
Has anyone enabled SELinux on Amazon EC2?
I tried to enable SELinux using a CentOS image, and the steps in the following post, but it didn't work!!
Amazon Web Services Developer Community : Has anyone successfully enabled SELinux ...
The steps i took:
1)I started with CentOS 5.3 base... (5 Replies)
Everyone knows the project LFS (Linux from scratch), it is a book-assembly instructions GNU / Linux from source code. I managed to gather, then my knowledge of GNU / Linux grew, learned many new commands, edit config-files, base packages, kernel, etc. ..
Now I would like also to explore... (0 Replies)
I have an external drive (1 TB) attached via usb to a server running Red Hat Linux 6.2. During an application install one step requires perms set by root. Even though I could ls -l and see that root was able to do the 4755 but the install would fail. Someone pointed out the dot in the permission... (3 Replies)