selinux-refpolicy/www/api-docs/admin_su.html
2006-01-17 20:40:13 +00:00

338 lines
5.5 KiB
HTML

<html>
<head>
<title>
Security Enhanced Linux Reference Policy
</title>
<style type="text/css" media="all">@import "style.css";</style>
</head>
<body>
<div id="Header">Security Enhanced Linux Reference Policy</div>
<div id='Menu'>
<a href="admin.html">+&nbsp;
admin</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_acct.html'>
acct</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_alsa.html'>
alsa</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_amanda.html'>
amanda</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_anaconda.html'>
anaconda</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_consoletype.html'>
consoletype</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_ddcprobe.html'>
ddcprobe</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_dmesg.html'>
dmesg</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_dmidecode.html'>
dmidecode</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_firstboot.html'>
firstboot</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_kudzu.html'>
kudzu</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_logrotate.html'>
logrotate</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_logwatch.html'>
logwatch</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_netutils.html'>
netutils</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_prelink.html'>
prelink</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_quota.html'>
quota</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_readahead.html'>
readahead</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_rpm.html'>
rpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_su.html'>
su</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_sudo.html'>
sudo</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_tmpreaper.html'>
tmpreaper</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_updfstab.html'>
updfstab</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_usbmodules.html'>
usbmodules</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_usermanage.html'>
usermanage</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_vbetool.html'>
vbetool</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_vpn.html'>
vpn</a><br/>
</div>
<a href="apps.html">+&nbsp;
apps</a></br/>
<div id='subitem'>
</div>
<a href="kernel.html">+&nbsp;
kernel</a></br/>
<div id='subitem'>
</div>
<a href="services.html">+&nbsp;
services</a></br/>
<div id='subitem'>
</div>
<a href="system.html">+&nbsp;
system</a></br/>
<div id='subitem'>
</div>
<br/><p/>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
<a name="top":></a>
<h1>Layer: admin</h1><p/>
<h2>Module: su</h2><p/>
<a href=#interfaces>Interfaces</a>
<a href=#templates>Templates</a>
<h3>Description:</h3>
<p><p>Run shells with substitute user and group</p></p>
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_su_exec"></a>
<div id="interface">
<div id="codeblock">
<b>su_exec</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute su in the caller domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a href=#top>Return</a>
<a name="templates"></a>
<h3>Templates: </h3>
<a name="link_su_per_userdomain_template"></a>
<div id="template">
<div id="codeblock">
<b>su_per_userdomain_template</b>(
userdomain_prefix
,
user_domain
,
user_role
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
The per user domain template for the su module.
</p>
<h5>Description</h5>
<p>
</p><p>
This template creates a derived domain which is allowed
to change the linux user id, to run shells as a different
user.
</p><p>
</p><p>
This template is invoked automatically for each user, and
generally does not need to be invoked directly
by policy writers.
</p><p>
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
userdomain_prefix
</td><td>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</td><td>
No
</td></tr>
<tr><td>
user_domain
</td><td>
The type of the user domain.
</td><td>
No
</td></tr>
<tr><td>
user_role
</td><td>
The role associated with the user domain.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_su_restricted_domain_template"></a>
<div id="template">
<div id="codeblock">
<b>su_restricted_domain_template</b>(
?
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Summary is missing!
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
?
</td><td>
Parameter descriptions are missing!
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a href=#top>Return</a>
</div>
</body>
</html>