|
HTML rendering created 2025-09-06 by Michael Kerrisk, author of The Linux Programming Interface. For details of in-depth Linux/UNIX system programming training courses that I teach, look here. Hosting by jambit GmbH. |
|
|
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLE | SEE ALSO | AUTHOR | COLOPHON |
|
|
|
semanage-login(8) semanage-login(8)
semanage-login - SELinux Policy Management linux user to SELinux
User mapping tool
semanage login [-h] [-n] [-N] [-S STORE] [ --add -s SEUSER -r
RANGE LOGIN | --delete LOGIN | --deleteall | --extract | --list
[-C] | --modify -s SEUSER -r RANGE LOGIN ]
semanage is used to configure certain elements of SELinux policy
without requiring modification to or recompilation from policy
sources. semanage login controls the mapping between a Linux User
and the SELinux User. It can be used to turn on confined users.
For example you could define that a particular user or group of
users will login to a system as the user_u user. Prefix the group
name with a '%' sign to indicate a group name.
-h, --help
Show this help message and exit
-n, --noheading
Do not print heading when listing the specified object type
-N, --noreload
Do not reload policy after commit
-C, --locallist
List local customizations
-S STORE, --store STORE
Select an alternate SELinux Policy Store to manage
-a, --add
Add a record of the specified object type
-d, --delete
Delete a record of the specified object type
-m, --modify
Modify a record of the specified object type
-l, --list
List records of the specified object type
-E, --extract
Extract customizable commands, for use within a transaction
-D, --deleteall
Remove all local customizations
-s SEUSER, --seuser SEUSER
SELinux user name
-r RANGE, --range RANGE
MLS/MCS Security Range (MLS/MCS Systems only) SELinux Range
for SELinux login mapping defaults to the SELinux user
record range. SELinux Range for SELinux user defaults to
s0.
Set the default SELinux user on the system to guest_u
# semanage login -m -s guest_u __default__
Map user gijoe to SELinux user staff_u and assign MLS range SystemLow-Secret
# semanage login -a -s staff_u -rSystemLow-Secret gijoe
Map all users in the engineering group to SELinux user staff_u
# semanage login -a -s staff_u %engineering
selinux(8), semanage(8), semanage-user(8)
This man page was written by Daniel Walsh <dwalsh@redhat.com>
This page is part of the selinux (Security-Enhanced Linux user-
space libraries and tools) project. Information about the project
can be found at ⟨https://github.com/SELinuxProject/selinux/wiki⟩.
If you have a bug report for this manual page, see
⟨https://github.com/SELinuxProject/selinux/wiki/Contributing⟩.
This page was obtained from the project's upstream Git repository
⟨https://github.com/SELinuxProject/selinux⟩ on 2025-08-11. (At
that time, the date of the most recent commit that was found in
the repository was 2025-08-04.) If you discover any rendering
problems in this HTML version of the page, or you believe there is
a better or more up-to-date source for the page, or you have
corrections or improvements to the information in this COLOPHON
(which is not part of the original manual page), send a mail to
man-pages@man7.org
20130617 semanage-login(8)
Pages that refer to this page: semanage(8), semanage-user(8)
|
HTML rendering created 2025-09-06 by Michael Kerrisk, author of The Linux Programming Interface. For details of in-depth Linux/UNIX system programming training courses that I teach, look here. Hosting by jambit GmbH. |
|