Chris PeBenito 0fbfa5
##################################
Chris PeBenito 0fbfa5
#
Chris PeBenito 0fbfa5
# User configuration.
Chris PeBenito 0fbfa5
#
Chris PeBenito 0fbfa5
# This file defines each user recognized by the system security policy.
Chris PeBenito 0fbfa5
# Only the user identities defined in this file may be used as the
Chris PeBenito 0fbfa5
# user attribute in a security context.
Chris PeBenito 0fbfa5
#
Chris PeBenito 0fbfa5
# Each user has a set of roles that may be entered by processes
Chris PeBenito 0fbfa5
# with the users identity.  The syntax of a user declaration is:
Chris PeBenito 0fbfa5
#
Chris PeBenito 0fbfa5
# 	user username roles role_set [ level default_level range allowed_range ];
Chris PeBenito 0fbfa5
#
Chris PeBenito 0fbfa5
# The MLS default level and allowed range should only be specified if 
Chris PeBenito 0fbfa5
# MLS was enabled in the policy.
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5
#
Chris PeBenito 0fbfa5
# system_u is the user identity for system processes and objects.
Chris PeBenito 0fbfa5
# There should be no corresponding Unix user identity for system_u,
Chris PeBenito 0fbfa5
# and a user process should never be assigned the system_u user
Chris PeBenito 0fbfa5
# identity.
Chris PeBenito 0fbfa5
#
Chris PeBenito 0fbfa5
user system_u roles system_r;
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5
#
Chris PeBenito 0fbfa5
# user_u is a generic user identity for Linux users who have no
Chris PeBenito 0fbfa5
# SELinux user identity defined.  The modified daemons will use
Chris PeBenito 0fbfa5
# this user identity in the security context if there is no matching
Chris PeBenito 0fbfa5
# SELinux user identity for a Linux user.  If you do not want to
Chris PeBenito 0fbfa5
# permit any access to such users, then remove this entry.
Chris PeBenito 0fbfa5
#
Chris PeBenito 0fbfa5
user user_u roles { user_r }; 
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5
#
Chris PeBenito 0fbfa5
# The following users correspond to Unix identities.
Chris PeBenito 0fbfa5
# These identities are typically assigned as the user attribute
Chris PeBenito 0fbfa5
# when login starts the user shell.  Users with access to the sysadm_r
Chris PeBenito 0fbfa5
# role should use the staff_r role instead of the user_r role when
Chris PeBenito 0fbfa5
# not in the sysadm_r.
Chris PeBenito 0fbfa5
#
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5
# The sysadm_r user also needs to be permitted system_r if we are to allow
Chris PeBenito 0fbfa5
# direct execution of daemons
Chris PeBenito cff75c
user root roles { sysadm_r staff_r secadm_r ifdef(`direct_sysadm_daemon', `system_r') };
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5
# sample for administrative user
Chris PeBenito 0fbfa5
#user jadmin roles { staff_r sysadm_r ifdef(`direct_sysadm_daemon', `system_r') };
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5
# sample for regular user
Chris PeBenito 2705f9
#user jdoe roles { user_r };
Chris PeBenito cff75c
Chris PeBenito cff75c
#
Chris PeBenito cff75c
# The following users correspond to special Unix identities
Chris PeBenito cff75c
# 
Chris PeBenito cff75c
ifdef(`nx_server.te', `
Chris PeBenito cff75c
user nx roles nx_server_r;
Chris PeBenito cff75c
')