Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Mail Systems
Eclipse Documentation

How To Guides
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Problem Solutions
Privacy Policy




Chapter 6. Confining Users

A number of confined SELinux users are available in Fedora 11. Each Linux user is mapped to an SELinux user via SELinux policy, allowing Linux users to inherit the restrictions on SELinux users, for example (depending on the user), not being able to: run the X Window System; use networking; run setuid applications (unless SELinux policy permits it); or run the su and sudo commands to become the Linux root user. This helps protect the system from the user. Refer to Section 4.3, “Confined and Unconfined Users” for further information about confined users in Fedora 11.

6.1. Linux and SELinux User Mappings

As the Linux root user, run the semanage login -l command to view the mapping between Linux users and SELinux users:
# /usr/sbin/semanage login -l

Login Name                SELinux User              MLS/MCS Range

__default__               unconfined_u              s0-s0:c0.c1023
root                      unconfined_u              s0-s0:c0.c1023
system_u                  system_u                  s0-s0:c0.c1023
In Fedora 11, Linux users are mapped to the SELinux __default__ login by default (which is mapped to the SELinux unconfined_u user). When a Linux user is created with the useradd command, if no options are specified, they are mapped to the SELinux unconfined_u user. The following defines the default-mapping:
__default__               unconfined_u              s0-s0:c0.c1023

  Published under the terms of the GNU General Public License Design by Interspire