|
HTML rendering created 2023-12-22 by Michael Kerrisk, author of The Linux Programming Interface. For details of in-depth Linux/UNIX system programming training courses that I teach, look here. Hosting by jambit GmbH. |
|
|
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLE | SEE ALSO | AUTHOR | COLOPHON |
|
|
|
semanage-login(8) semanage-login(8)
semanage-login - SELinux Policy Management linux user to SELinux
User mapping tool
semanage login [-h] [-n] [-N] [-S STORE] [ --add -s SEUSER -r
RANGE LOGIN | --delete LOGIN | --deleteall | --extract | --list
[-C] | --modify -s SEUSER -r RANGE LOGIN ]
semanage is used to configure certain elements of SELinux policy
without requiring modification to or recompilation from policy
sources. semanage login controls the mapping between a Linux
User and the SELinux User. It can be used to turn on confined
users. For example you could define that a particular user or
group of users will login to a system as the user_u user. Prefix
the group name with a '%' sign to indicate a group name.
-h, --help
Show this help message and exit
-n, --noheading
Do not print heading when listing the specified object
type
-N, --noreload
Do not reload policy after commit
-C, --locallist
List local customizations
-S STORE, --store STORE
Select an alternate SELinux Policy Store to manage
-a, --add
Add a record of the specified object type
-d, --delete
Delete a record of the specified object type
-m, --modify
Modify a record of the specified object type
-l, --list
List records of the specified object type
-E, --extract
Extract customizable commands, for use within a
transaction
-D, --deleteall
Remove all local customizations
-s SEUSER, --seuser SEUSER
SELinux user name
-r RANGE, --range RANGE
MLS/MCS Security Range (MLS/MCS Systems only) SELinux
Range for SELinux login mapping defaults to the SELinux
user record range. SELinux Range for SELinux user defaults
to s0.
Set the default SELinux user on the system to guest_u
# semanage login -m -s guest_u __default__
Map user gijoe to SELinux user staff_u and assign MLS range SystemLow-Secret
# semanage login -a -s staff_u -rSystemLow-Secret gijoe
Map all users in the engineering group to SELinux user staff_u
# semanage login -a -s staff_u %engineering
selinux(8), semanage(8), semanage-user(8)
This man page was written by Daniel Walsh <dwalsh@redhat.com>
This page is part of the selinux (Security-Enhanced Linux user-
space libraries and tools) project. Information about the
project can be found at
⟨https://github.com/SELinuxProject/selinux/wiki⟩. If you have a
bug report for this manual page, see
⟨https://github.com/SELinuxProject/selinux/wiki/Contributing⟩.
This page was obtained from the project's upstream Git repository
⟨https://github.com/SELinuxProject/selinux⟩ on 2023-12-22. (At
that time, the date of the most recent commit that was found in
the repository was 2023-05-11.) If you discover any rendering
problems in this HTML version of the page, or you believe there
is a better or more up-to-date source for the page, or you have
corrections or improvements to the information in this COLOPHON
(which is not part of the original manual page), send a mail to
man-pages@man7.org
20130617 semanage-login(8)
Pages that refer to this page: semanage(8), semanage-user(8)
|
HTML rendering created 2023-12-22 by Michael Kerrisk, author of The Linux Programming Interface. For details of in-depth Linux/UNIX system programming training courses that I teach, look here. Hosting by jambit GmbH. |
|