Re: Default permissions and security context of new user?: msg#00063
Subject: Re: Default permissions and security context of new user?
On Wed, 2005-02-09 at 22:06, R. Jensen wrote:
> Hi. I'm wondering about the permissions new users get
> when they are created. Before SELinux I had to add users
> to 'wheel' to enable them to su to root.
>
> I did an adduser and it seems to be unrestricted:
>
> [testse@lankhmar ~]$ id -Z
> user_u:system_r:unconfined_t
>
> and the user is able to su to root. Is this normal?
> How would I keep the user from being able to su?
>
> I added:
> user testse roles { user_r };
>
> to /etc/selinux/targeted/src/policy/users
> and did: make load
>
> This didn't seem to make any difference.
>
> This is on FC3 (2.6.10-1.760_FC3)
> selinux-policy-targeted-1.17.30-2.75
>
> [root@lankhmar ~]# sestatus
> SELinux status: enabled
> SELinuxfs mount: /selinux
> Current mode: enforcing
> Mode from config file: enforcing
> Policy version: 18
> Policy from config file:targeted
>
> I'm not sure if this is clear, or enough information.
> I tried searching the archives but didn't find anything.
> [I may be searching incorrectly].
The Red Hat targeted policy is only focused on confining specific
daemons, not users. If you want to confine users and a much wider set
of programs and daemons, install and switch to the strict policy, but be
prepared for a significant change in your normal mode of operation. See
the Fedora SELinux FAQ.
--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency
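
An added example, not part of the original message or of any SELinux tooling: a small shell check that takes the `id -Z` context and `sestatus` output shown in the question and reports whether the login session is actually confined. The function names and the `--live` switch are assumptions of this example; the sample data is copied from the thread.

```shell
#!/bin/sh
# Added example: is this login session confined by SELinux, or merely running
# on a system where SELinux is enabled? Sample input is taken from the thread.

SAMPLE_CONTEXT='user_u:system_r:unconfined_t'
SAMPLE_SESTATUS='SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 18
Policy from config file:targeted'

# Print field N (1=user, 2=role, 3=type) of a user:role:type[:level] context.
ctx_field() {
    printf '%s\n' "$1" | cut -d: -f"$2"
}

# Print the value of a "Key: value" line from sestatus text.
# Tolerates a missing space after the colon, as in the output quoted above.
sestatus_value() {
    printf '%s\n' "$1" | sed -n "s/^$2:[[:space:]]*//p" | head -n 1
}

# Print "not-enforced", "unconfined" or "confined" for a context + sestatus text.
session_state() {
    status=$(sestatus_value "$2" 'SELinux status')
    mode=$(sestatus_value "$2" 'Current mode')
    type=$(ctx_field "$1" 3)
    if [ "$status" != "enabled" ] || [ "$mode" != "enforcing" ]; then
        echo not-enforced
    elif [ "$type" = "unconfined_t" ]; then
        # Enforcing, but the session runs in the unconfined domain:
        # only the daemons the policy targets are restricted.
        echo unconfined
    else
        echo confined
    fi
}

# --live (hypothetical switch of this example) checks the current session.
if [ "${1:-}" = "--live" ]; then
    session_state "$(id -Z)" "$(sestatus)"
fi
```

For the values in the question it reports `unconfined`, which matches the reply: enforcing mode with the targeted policy leaves ordinary user sessions in `unconfined_t`.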