Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com
Answertopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

6.6. Booleans for Users Executing Applications

Not allowing Linux users to execute applications (which inherit users' permissions) in their home directories and /tmp/, which they have write access to, helps prevent flawed or malicious applications from modifying files users' own. In Fedora 10, by default, Linux users in the guest_t and xguest_t domains can not execute applications in their home directories or /tmp/; however, by default, Linux users in the user_t and staff_t domains can.
Booleans are available to change this behavior, and are configured with the setsebool command. The setsebool command must be run as the Linux root user. The setsebool -P command makes persistent changes. Do not use the -P option if you do not want changes to persist across reboots:
guest_t
To allow Linux users in the guest_t domain to execute applications in their home directories and /tmp/:
/usr/sbin/setsebool -P allow_guest_exec_content on
xguest_t
To allow Linux users in the xguest_t domain to execute applications in their home directories and /tmp/:
/usr/sbin/setsebool -P allow_xguest_exec_content on
user_t
To prevent Linux users in the user_t domain from executing applications in their home directories and /tmp/:
/usr/sbin/setsebool -P allow_user_exec_content off
staff_t
To prevent Linux users in the staff_t domain from executing applications in their home directories and /tmp/:
/usr/sbin/setsebool -P allow_staff_exec_content off

 
 
  Published under the terms of the GNU General Public License Design by Interspire