mirror of
https://github.com/SELinuxProject/selinux
synced 2024-12-25 07:22:07 +00:00
6ef13eeda7
- Add man page sections '(N)' to external references, and '()' on functions described in the same man page. - Escape minus signs when those are expected to be used on the command line or files. - Mark files and variables in italic; Note headings, function names, constants, program options and man page references in bold. - Do not justify and hyphenate SEE ALSO section, and avoid hyphenation on symbol names by prepending them with \%. - Remove trailing dot from NAME section description. - Split sections with a no-op command '.', to visually distinguish them but to avoid introducing spurious vertical space in the formatted output. - Add explicit .sp commands in the SYNOPSIS section between function prototypes, and fix space placement in function protoypes. - Split header includes with .br (instead of the explicit or implicit .sp) so that they are vertically contiguous. - Add missing {} around SELINUXTYPE and POLICYTYPE variable text in paths. - Remove unneeded formatting commands. - Remove spurious blank lines. Signed-off-by: Guillem Jover <guillem@debian.org> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
69 lines
2.0 KiB
Groff
69 lines
2.0 KiB
Groff
.TH "local.users" "5" "28-Nov-2011" "Security Enhanced Linux" "SELinux configuration"
|
|
.SH "NAME"
|
|
local.users \- The SELinux local users configuration file
|
|
.
|
|
.SH "DESCRIPTION"
|
|
The file contains local user definitions in the form of policy language user statements and is only found on older SELinux systems as it has been deprecated and replaced by the \fBsemange\fR(8) services.
|
|
.sp
|
|
This file is only read by \fBselinux_mkload_policy\fR(3) when \fBSETLOCALDEFS\fR in the SELinux \fIconfig\fR file (see \fBselinux_config\fR(5)) is set to \fI1\fR.
|
|
.sp
|
|
.BR selinux_users_path "(3) "
|
|
will return the active policy path to the directory where this file is located. The default local users file is:
|
|
.RS
|
|
.I /etc/selinux/{SELINUXTYPE}/contexts/users/local.users
|
|
.RE
|
|
.sp
|
|
Where \fI{SELINUXTYPE}\fR is the entry from the selinux configuration file \fIconfig\fR (see \fBselinux_config\fR(5)).
|
|
.
|
|
.SH "FILE FORMAT"
|
|
The file consists of one or more entries terminated with '\fB;\fR', each on a separate line as follows:
|
|
.RS
|
|
\fBuser \fIseuser_id \fBroles \fIrole_id\fR [[\fBlevel \fIlevel\fR] [\fBrange \fIrange\fR]]\fB;\fR
|
|
.RE
|
|
.sp
|
|
Where:
|
|
.RS
|
|
.B user
|
|
.RS
|
|
The user keyword.
|
|
.RE
|
|
.I seuser_id
|
|
.RS
|
|
The SELinux user identifier.
|
|
.RE
|
|
.B roles
|
|
.RS
|
|
The roles keyword.
|
|
.RE
|
|
.I role_id
|
|
.RS
|
|
One or more previously declared role identifiers. Multiple role identifiers consist of a space separated list enclosed in braces '{}'.
|
|
.RE
|
|
.B level
|
|
.RS
|
|
If MLS/MCS is configured, the level keyword.
|
|
.RE
|
|
.I level
|
|
.RS
|
|
The users default security level. Note that only the sensitivity component of the level (e.g. s0) is required.
|
|
.RE
|
|
.B range
|
|
.RS
|
|
If MLS/MCS is configured, the range keyword.
|
|
.RE
|
|
.I range
|
|
.RS
|
|
The current and clearance levels that the user can run. These are separated by a hyphen '\fB-\fR' as shown in the \fBEXAMPLE\fR section.
|
|
.RE
|
|
.RE
|
|
.
|
|
.SH "EXAMPLE"
|
|
# ./users/local.users
|
|
.br
|
|
user test_u roles staff_r level s0 range s0 \- s15:c0.c1023;
|
|
.
|
|
.SH "SEE ALSO"
|
|
.ad l
|
|
.nh
|
|
.BR selinux "(8), " semanage "(8), " selinux_users_path "(3), " selinux_config "(5), " selinux_mkload_policy "(3) "
|