SE Linux Beginner Tutorial: Logging in

Source: Internet
Author: User

The next section describes logging in to the system and explains more about the user security context. The last section of this chapter discusses permissive and enforcing modes.

4.1 Providing user context at logon

At this stage, you should reboot the system and wait for the login prompt. When you install the default SELinux policy package (on Fedora, the policy source package), the installed policy files allow you to log in to the system with the default user role. (At this point we have not yet added any users of our own.)

Log on to your system as root. Your security context is root:user_r:user_t by default. Run the id command; the security context it shows should be the same. In the output below we only need to look at the security context part, so ignore the other fields:

uid=0(root) gid=0(root) groups=0(root) context=root:user_r:user_t

So the security context is

root:user_r:user_t

Now let's assume that you have previously given your own account access to another role (see Chapter 5: Setting up user accounts). There are two ways to change roles. The first is at login. Assume that the user faye is allowed to enter the sysadm_t domain and logs in on the console. She is prompted with "Your default context is faye:user_r:user_t. Do you want to choose a different one? [n]". She answers y and presses Enter, and then sees the following message:

[1] faye:user_r:user_t

[2] faye:sysadm_r:sysadm_t

Enter Number of choice:

In this case, you can see that the user identity faye has previously been allowed access to the sysadm_r role and the sysadm_t domain. The options shown here are the ones that your user identity has been allowed to access. Please note that this behaviour is implemented in the old SE Linux; in the new SE Linux (which was not available when this document was written) it will be configurable, and the default setting is off.

If the user faye selects option 2 (becoming sysadm_r) and then runs the id command, she will see the following security context:

context=faye:sysadm_r:sysadm_t

This means that she is now in the sysadm_r role.

Next is the second way to change the user's security context.

4.2 Changing context with the newrole -r command

The second way to change your security context is the newrole -r command. The syntax is

newrole -r role

where role is the role you want to change to. Suppose it is sysadm_r. Then you run:

newrole -r sysadm_r

You will be asked for the password of your user identity, and you can then run the id command to check. If you are not authorized to enter the new role, you will see a message like this (assuming that the user fred is trying to run the command):

fred:sysadm_r:sysadm_t is not a valid context

This message means that the user fred cannot enter the sysadm_r:sysadm_t role:domain pair because he is not authorized to do so.

After successfully changing the role, run the ID command to check your security context.
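
The check described above can be scripted. The following is an added example, not part of the original tutorial: it extracts the context= field from id output and tests the role, so that an administrative script can refuse to run outside sysadm_r. The function names are hypothetical, and the sample lines are constructed from the outputs shown on this page (faye's uid and gid values are made up).

```shell
#!/bin/sh
# Added example: parse the context= field of `id` output and check the role.

# Constructed sample lines, matching the contexts shown in this tutorial.
# faye's numeric ids are made up for the example.
ROOT_ID='uid=0(root) gid=0(root) groups=0(root) context=root:user_r:user_t'
FAYE_ID='uid=1000(faye) gid=1000(faye) groups=1000(faye) context=faye:sysadm_r:sysadm_t'

# Print the context= value from one line of `id` output (nothing if absent).
context_of() {
    printf '%s\n' "$1" | sed -n 's/.*context=\([^ ]*\).*/\1/p'
}

# Print one field of a user:role:type context: 1=user, 2=role, 3=type.
# If an MLS level is present it follows as further fields, so 1-3 still work.
context_field() {
    printf '%s\n' "$1" | cut -d: -f"$2"
}

# Succeed only if the id output in $1 shows role $2.
# Returns 2 when the line has no context field at all.
in_role() {
    ctx=$(context_of "$1")
    [ -n "$ctx" ] || return 2
    [ "$(context_field "$ctx" 2)" = "$2" ]
}

# Guard for admin scripts: require_role ROLE [ID_OUTPUT].
# With one argument it inspects the live output of `id`.
require_role() {
    in_role "${2:-$(id)}" "$1" || {
        echo "refusing to continue: not in role $1" >&2
        return 1
    }
}

# Demo on the constructed samples.
for line in "$ROOT_ID" "$FAYE_ID"; do
    c=$(context_of "$line")
    echo "user=$(context_field "$c" 1) role=$(context_field "$c" 2) type=$(context_field "$c" 3)"
done
```

In a real script, call require_role sysadm_r near the top, after running newrole -r sysadm_r.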
