I want to create a new user (fred).
I want fred's home directory to he located in the default location (/home/fred).
And I want the context for /home/fred to be: fred:user_r:user_home_dir_t.
useradd doesn't work. It seems to have two problems:
1) If my context (when I run useradd fred) is root:staff_r:staff_t, useradd sets the home directory to root:object_r:home_root_t.
2) If my context is root:sysadm_r:sysadm_t, useradd sets the home directory to root:object_r:user_home_dir_t
Item 1 seems like a bug - why would it choose :home_root_t instead of :user_home_dir_t?
In either case, the identity is wrong.
I think the problem here is that fred is a Linux user, but not an identity. So, I tried seuseradd instead. That doesn't work either - it seems to create the identity (how would I know???) but the identity assigned to the home directory is still 'root'.
Here are my questions:
1) Why is this so bloody difficult? Can you really expect the average user/administrator to deal with problems like this?
2) How can I create a new user whose home directory is assigned the proper identity?
3) How can I get a list of valid identities?
4) Can I add identities with a simple command (i.e. without recompiling the policy)?
I know about seuserx, but that takes forever to run and is about as friendly as Windows 3.1.
Thanks in advance.
-- Murphy