Chapter 5. Controlling and Maintaining SELinux
For id, the -Z option is only usable by itself; it cannot be combined with other options. In this example, the change to root using su did not cause a change in role. In a stricter policy, su is capable of making a role change as well, i.e., from system_r to sysadm_r. This removes the step of using newrole following a su command:
# You are an ordinary user here:
whoami
auser
id -Z
user_u:system_r:unconfined_t
# Switching to root changes your UID:
su root
Password:
whoami
root
# Only the SELinux user name changed, which has no effect in
# the targeted policy.
id -Z
root:system_r:unconfined_t
Using the -Z option with ls groups together common long format information. The display choices focus on what you might want when considering the security permissions of a file. It displays mode, user, group, security context, and file name.
cd /etc
ls -Z h* -d
drwxr-xr-x  root root system_u:object_r:etc_t               hal
-rw-r--r--  root root system_u:object_r:etc_t               host.conf
-rw-r--r--  root root user_u:object_r:etc_t                 hosts
-rw-r--r--  root root system_u:object_r:etc_t               hosts.allow
-rw-r--r--  root root system_u:object_r:etc_t               hosts.canna
-rw-r--r--  root root system_u:object_r:etc_t               hosts.deny
drwxr-xr-x  root root system_u:object_r:hotplug_etc_t       hotplug
drwxr-xr-x  root root system_u:object_r:etc_t               hotplug.d
drwxr-xr-x  root root system_u:object_r:httpd_sys_content_t htdig
drwxr-xr-x  root root system_u:object_r:httpd_config_t      httpd
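As an added example (not part of the original guide), the shell functions below parse a listing in the ls -Z format shown above and report which entries carry a different SELinux user, role or type than the one you expect, a useful check before relabeling anything. The function names are hypothetical; beyond the page's format, the parser also accepts lines that hold only a context and a name, and contexts with a trailing level field.

```sh
#!/bin/sh
# Added example (not from the guide): audit `ls -Z` output by context field.

# Subset of the listing shown on this page: mode, user, group, context, name.
sample_listing() {
cat <<'EOF'
drwxr-xr-x  root root system_u:object_r:etc_t               hal
-rw-r--r--  root root system_u:object_r:etc_t               host.conf
-rw-r--r--  root root user_u:object_r:etc_t                 hosts
drwxr-xr-x  root root system_u:object_r:hotplug_etc_t       hotplug
drwxr-xr-x  root root system_u:object_r:httpd_sys_content_t htdig
drwxr-xr-x  root root system_u:object_r:httpd_config_t      httpd
EOF
}

# parse_contexts: stdin is `ls -Z` output; stdout is user, role, type, name
# (tab-separated). The context is the first field with at least two colons,
# so lines without the mode/owner columns or with a trailing level also parse.
parse_contexts() {
    awk '{
        for (i = 1; i <= NF; i++) {
            if (split($i, c, ":") >= 3) {
                # The name is everything after the context; keep its spaces.
                name = substr($0, index($0, $i) + length($i))
                sub(/^[ \t]+/, "", name)
                printf "%s\t%s\t%s\t%s\n", c[1], c[2], c[3], name
                break
            }
        }
    }'
}

# type_summary: number of entries per SELinux type, most common first.
type_summary() {
    parse_contexts | awk -F'\t' '{ n[$3]++ } END { for (t in n) print n[t], t }' |
        sort -k1,1nr -k2,2
}

# mismatches FIELD VALUE: print "name<TAB>actual" for every entry whose
# FIELD (user, role or type) differs from VALUE.
mismatches() {
    case "$1" in
        user) col=1 ;; role) col=2 ;; type) col=3 ;;
        *) echo "usage: mismatches user|role|type VALUE" >&2; return 2 ;;
    esac
    parse_contexts | awk -F'\t' -v col="$col" -v want="$2" \
        '$col != want { print $4 "\t" $col }'
}

sample_listing | mismatches type etc_t   # sample entries whose type is not etc_t
```

On a live system, pipe the real listing in instead of the sample, for example ls -Z h* -d | mismatches type etc_t.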
5.1.3. Relabel a File or Directory's Security Context
You may need to relabel a file when moving or copying into special directories related to the targeted daemons, such as ~/public_html directories, or when writing scripts that work in directories outside of /home.
There are two general kinds of relabeling operations, one where you are deliberately changing the
type of a file, the other where you are restoring files to the default state according to policy. There
are also relabeling operations that an administrator performs, and those are covered in Section 5.2.2
Relabel a File System.