################################## # # User configuration. # # This file defines each user recognized by the system security policy. # Only the user identities defined in this file may be used as the # user attribute in a security context. # # Each user has a set of roles that may be entered by processes # with the users identity. The syntax of a user declaration is: # # user username roles role_set [ level default_level range allowed_range ] level s0 range s0 - s15:c0.c255; # # The MLS default level and allowed range should only be specified if # MLS was enabled in the policy. # # system_u is the user identity for system processes and objects. # There should be no corresponding Unix user identity for system_u, # and a user process should never be assigned the system_u user # identity. # user system_u roles system_r level s0 range s0 - s15:c0.c255; # # user_u is a generic user identity for Linux users who have no # SELinux user identity defined. The modified daemons will use # this user identity in the security context if there is no matching # SELinux user identity for a Linux user. If you do not want to # permit any access to such users, then remove this entry. # user user_u roles { user_r } level s0 range s0 - s0; # # The following users correspond to Unix identities. # These identities are typically assigned as the user attribute # when login starts the user shell. Users with access to the sysadm_r # role should use the staff_r role instead of the user_r role when # not in the sysadm_r. # # The sysadm_r user also needs to be permitted system_r if we are to allow # direct execution of daemons user root roles { sysadm_r staff_r secadm_r ifdef(`direct_sysadm_daemon', `system_r') } level s0 range s0 - s15:c0.c255; # sample for administrative user #user jadmin roles { staff_r sysadm_r ifdef(`direct_sysadm_daemon', `system_r') } level s0 range s0 - s15:c0.c255; # sample for regular user #user jdoe roles { user_r } level s0 range s0 - s15:c0.c255; # # The following users correspond to special Unix identities # ifdef(`nx_server.te', ` user nx roles nx_server_r level s0 range s0 - s15:c0.c255; ')