[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Alternative user management approach

To: Karl MacMillan <kmacmillan@xxxxxxxxxx>
Subject: RE: Alternative user management approach
From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Date: Fri, 24 Jun 2005 15:34:50 -0400
Cc: "'Casey Schaufler'" <casey@xxxxxxxxxxxxxxxx>, selinux@xxxxxxxxxxxxx
In-reply-to: <200506241704.j5OH4jqc017398@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Organization: National Security Agency
References: <200506241704.j5OH4jqc017398@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: owner-selinux@xxxxxxxxxxxxx

On Fri, 2005-06-24 at 13:04 -0400, Karl MacMillan wrote:
> To make my suggestion more concrete, I think a mapping file in
> /etc/selinux/policyname that maps from users to SELinux users. The config would
> be an ordered list of mappings that use username and group information. That
> means that if the admin wants to use group info they can, otherwise it is
> ignored. The first match in the ordered list would win. Maybe something like:
> 
> id:root	sysadm
> group:wheel staff
> default	normal

Default group?  Supplemental groups?

This only happens at login time (or su), not newgrp.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.

References:
- RE: Alternative user management approach
  - From: Karl MacMillan

Prev by Date: Re: mdadm policy
Next by Date: RE: Alternative user management approach
Previous by thread: RE: Alternative user management approach
Next by thread: Re: Alternative user management approach
Index(es):
- Date
- Thread

This mailing list archive is a service of Copilot Consulting.