unconfined_u user (the default behavior), and you would like to change which SELinux user they are mapped to, use the semanage login command. The following example creates a new Linux user named newuser, then maps that Linux user to the SELinux user_u user:
Procedure 10.28. Mapping Linux Users to the SELinux Users
newuser). Since this user uses the default mapping, it does not appear in the semanage login -l output:
~]# useradd newuser
~]# semanage login -l
Login Name           SELinux User         MLS/MCS Range        Service
__default__          unconfined_u         s0-s0:c0.c1023       *
root                 unconfined_u         s0-s0:c0.c1023       *
system_u             system_u             s0-s0:c0.c1023       *
newuser user to the SELinux user_u user, run the following command as root:
~]# semanage login -a -s user_u newuser
The -a option adds a new record, and the -s option specifies the SELinux user to map a Linux user to. The last argument, newuser, is the Linux user you want mapped to the specified SELinux user.
newuser user and user_u, use the semanage utility again:
~]# semanage login -l
Login Name           SELinux User         MLS/MCS Range        Service
__default__          unconfined_u         s0-s0:c0.c1023       *
newuser              user_u               s0                   *
root                 unconfined_u         s0-s0:c0.c1023       *
system_u             system_u             s0-s0:c0.c1023       *
newuser user:
~]# passwd newuser
Changing password for user newuser.
New password: Enter a password
Retype new password: Enter the same password again
passwd: all authentication tokens updated successfully.
newuser user. Run the following command to view the newuser's SELinux context:
~]$ id -Z
user_u:user_r:user_t:s0
newuser's session, and log back in with your account. If you do not want the Linux newuser user, run the following command as root to remove it, along with its home directory:
~]# userdel -r newuser
newuser user and user_u:
~]# semanage login -d newuser
~]# semanage login -l
Login Name           SELinux User         MLS/MCS Range        Service
__default__          unconfined_u         s0-s0:c0.c1023       *
root                 unconfined_u         s0-s0:c0.c1023       *
system_u             system_u             s0-s0:c0.c1023       *
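The procedure above relies on the rule that a login without its own record falls back to the __default__ entry. The following script is an added example, not part of the original guide: it reads a semanage login -l listing and reports which SELinux user a login resolves to and whether that came from an explicit record or from __default__. The function names, the sample listing and the login alice are constructed for illustration; %group records are not evaluated.

```shell
#!/bin/sh
# Added example (not from the guide): resolve a login's SELinux user from
# `semanage login -l` output. On a live system, as root:
#   semanage login -l | resolve_mapping newuser

# Constructed sample: the listing as it looks after newuser is mapped to user_u.
sample_listing() {
cat <<'EOF'
Login Name           SELinux User         MLS/MCS Range        Service

__default__          unconfined_u         s0-s0:c0.c1023       *
newuser              user_u               s0                   *
root                 unconfined_u         s0-s0:c0.c1023       *
system_u             system_u             s0-s0:c0.c1023       *
EOF
}

# Read a listing on stdin; print "<selinux_user> <range> <explicit|default>"
# for login $1. Exits non-zero if neither a record nor __default__ exists.
resolve_mapping() {
    awk -v login="$1" '
        NF < 3                          { next }   # blank or malformed line
        $1 == "Login" && $2 == "Name"   { next }   # column header
        $1 == login                     { user = $2; range = $3; how = "explicit" }
        $1 == "__default__"             { duser = $2; drange = $3 }
        END {
            # No record for this login: the __default__ mapping applies.
            if (how == "") { user = duser; range = drange; how = "default" }
            if (user == "") exit 1
            print user, range, how
        }'
}

# Read a listing on stdin; return 0 if login $1 maps to a confined SELinux
# user, 1 if it maps to unconfined_u, 2 if the mapping cannot be resolved.
is_confined() {
    mapping=$(resolve_mapping "$1") || return 2
    [ "${mapping%% *}" != "unconfined_u" ]
}

sample_listing | resolve_mapping newuser   # prints: user_u s0 explicit
```

Piping the listing taken after semanage login -d newuser through resolve_mapping newuser would report the __default__ mapping again, which is a quick way to confirm that a removed record really puts the account back on unconfined_u.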