semanage-user(8) semanage-user(8) NAME semanage-user - SELinux Policy Management SELinux User mapping tool SYNOPSIS semanage user [-h] [-n] [-N] [-S STORE] [ --add ( -L LEVEL -R ROLES -r RANGE -s SEUSER selinux_name) | --delete selinux_name | --deleteall | --extract | --list [-C] | --modify ( -L LEVEL -R ROLES -r RANGE -s SEUSER selinux_name ) ] DESCRIPTION semanage is used to configure certain elements of SELinux policy without requiring modifi- cation to or recompilation from policy sources. semanage user controls the mapping between an SELinux User and the roles and MLS/MCS levels. OPTIONS -h, --help show this help message and exit -n, --noheading Do not print heading when listing the specified object type -N, --noreload Do not reload policy after commit -S STORE, --store STORE Select an alternate SELinux Policy Store to manage -C, --locallist List local customizations -a, --add Add a record of the specified object type -d, --delete Delete a record of the specified object type -m, --modify Modify a record of the specified object type -l, --list List records of the specified object type -E, --extract Extract customizable commands, for use within a transaction -D, --deleteall Remove all local customizations -L LEVEL, --level LEVEL Default SELinux Level for SELinux user, s0 Default. (MLS/MCS Systems only) -r RANGE, --range RANGE MLS/MCS Security Range (MLS/MCS Systems only) SELinux Range for SELinux login map- ping defaults to the SELinux user record range. SELinux Range for SELinux user defaults to s0. -R [ROLES], --roles [ROLES] SELinux Roles. You must enclose multiple roles within quotes, separate by spaces. Or specify -R multiple times. EXAMPLE List SELinux users # semanage user -l Modify groups for staff_u user # semanage user -m -R "system_r unconfined_r staff_r" staff_u Add level for TopSecret Users # semanage user -a -R "staff_r" -rs0-TopSecret topsecret_u NOTES SELinux users defined in the policy cannot be removed or directly altered. When the -m switch is used on such a user, semanage creates a local SELinux user of the same name, which overrides the original SELinux user. As long as a login entry exists that links local SELinux user to a Linux user, given local SELinux user cannot be removed (even if it represents local modification of a SELinux user defined in policy). In case you want to remove local modification of a SELinux user, you need to remove any related login mapping first. Follow these steps: 1) Remove all login entries concerning the SELinux user. To list local customizations of login entries execute: # semanage login -l -C or for semanage command form: # semanage login --extract 2) Remove the SELinux user 3) Optionally reintroduce removed login entries SEE ALSO selinux (8), semanage (8) semanage-login (8) AUTHOR This man page was written by Daniel Walsh <dwalsh AT redhat.com> 20130617 semanage-user(8)
Generated by $Id: phpMan.php,v 4.55 2007/09/05 04:42:51 chedong Exp $ Author: Che Dong
On Apache
Under GNU General Public License
2024-04-27 05:20 @3.145.111.183 CrawledBy Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)