semanage-user(8) - phpMan

Command: man perldoc info search(apropos)  

semanage-user(8)                                                                 semanage-user(8)



NAME
       semanage-user - SELinux Policy Management SELinux User mapping tool

SYNOPSIS
       semanage  user  [-h]  [-n]  [-N] [-S STORE] [ --add ( -L LEVEL -R ROLES -r RANGE -s SEUSER
       selinux_name) | --delete selinux_name | --deleteall | --extract | --list [-C] | --modify (
       -L LEVEL -R ROLES -r RANGE -s SEUSER selinux_name ) ]


DESCRIPTION
       semanage is used to configure certain elements of SELinux policy without requiring modifi-
       cation to or recompilation from  policy  sources.   semanage  user  controls  the  mapping
       between an SELinux User and the roles and MLS/MCS levels.


OPTIONS
       -h, --help
              show this help message and exit

       -n, --noheading
              Do not print heading when listing the specified object type

       -N, --noreload
              Do not reload policy after commit

       -S STORE, --store STORE
              Select an alternate SELinux Policy Store to manage

       -C, --locallist
              List local customizations

       -a, --add
              Add a record of the specified object type

       -d, --delete
              Delete a record of the specified object type

       -m, --modify
              Modify a record of the specified object type

       -l, --list
              List records of the specified object type

       -E, --extract
              Extract customizable commands, for use within a transaction

       -D, --deleteall
              Remove all local customizations

       -L LEVEL, --level LEVEL
              Default SELinux Level for SELinux user, s0 Default. (MLS/MCS Systems only)

       -r RANGE, --range RANGE
              MLS/MCS  Security Range (MLS/MCS Systems only) SELinux Range for SELinux login map-
              ping defaults to the SELinux user record range.  SELinux  Range  for  SELinux  user
              defaults to s0.

       -R [ROLES], --roles [ROLES]
              SELinux  Roles.  You must enclose multiple roles within quotes, separate by spaces.
              Or specify -R multiple times.


EXAMPLE
       List SELinux users
       # semanage user -l
       Modify groups for staff_u user
       # semanage user -m -R "system_r unconfined_r staff_r" staff_u
       Add level for TopSecret Users
       # semanage user -a -R "staff_r" -rs0-TopSecret topsecret_u


NOTES
       SELinux users defined in the policy cannot be removed or directly  altered.  When  the  -m
       switch  is  used  on  such a user, semanage creates a local SELinux user of the same name,
       which overrides the original SELinux user.

       As long as a login entry exists that links local SELinux user to a Linux user, given local
       SELinux user cannot be removed (even if it represents local modification of a SELinux user
       defined in policy).  In case you want to remove local modification of a SELinux user,  you
       need to remove any related login mapping first. Follow these steps:

              1) Remove all login entries concerning the SELinux user.
                 To list local customizations of login entries execute:
                 # semanage login -l -C
                 or for semanage command form:
                 # semanage login --extract
              2) Remove the SELinux user
              3) Optionally reintroduce removed login entries


SEE ALSO
       selinux (8), semanage (8) semanage-login (8)


AUTHOR
       This man page was written by Daniel Walsh <dwalsh AT redhat.com>



                                             20130617                            semanage-user(8)

Generated by $Id: phpMan.php,v 4.55 2007/09/05 04:42:51 chedong Exp $ Author: Che Dong
On Apache
Under GNU General Public License
2024-04-27 05:20 @3.145.111.183 CrawledBy Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Valid XHTML 1.0!Valid CSS!