table of contents
other versions
- buster 2.8-1+b1
- testing 3.1-3
- unstable 3.1-3
- experimental 3.2-1
seusers(5) | SELinux configuration | seusers(5) |
NAME¶
seusers - The SELinux GNU/Linux user to SELinux user mapping configuration fileDESCRIPTION¶
The seusers file contains a list GNU/Linux user to SELinux user mapping for use by SELinux-aware login applications such as PAM(8).selinux_usersconf_path(3) will return the active policy path to this file. The default SELinux users mapping file is located at:
/etc/selinux/{SELINUXTYPE}/seusers
Where {SELINUXTYPE} is the entry from the selinux configuration file config (see selinux_config(5)).
getseuserbyname(3) reads this file to map a GNU/Linux user or group to an SELinux user.
FILE FORMAT¶
Each line of the seusers configuration file consists of the following:[%group_id]|[user_id]:seuser_id[:range]
Where:
group_id|user_id
The GNU/Linux user id, or if preceded by the percentage
(%) symbol, then a GNU/Linux group id.
An optional entry set to __default__ can be provided as a fall back if required.
seuser_id
An optional entry set to __default__ can be provided as a fall back if required.
The SELinux user identity.
range
The optional level or range for an MLS/MCS policy.
EXAMPLE¶
# ./seuserssystem_u:system_u:s0-s15:c0.c255
root:root:s0-s15:c0.c255
fred:user_u:s0
__default__:user_u:s0
%user_group:user_u:s0
SEE ALSO¶
selinux(8), PAM(8), selinux_usersconf_path(3), getseuserbyname(3), selinux_config(5)28-Nov-2011 | Security Enhanced Linux |