On Thursday 15 April 2004 15:45, Daniel J Walsh wrote: > >Mmmm .. I wonder if it can be fine tuned enough so that a user could su to > >another regular user but not root or any user with sysadm_r capability? > > At the same time, a user with a sysadm_r capability could su to anyone. > > > >That might be an interesting capability to have. > > > > That is what staff_r is defined as. If you turn off user_canbe_sysadm, > you will end up with regular users who can't su and > staff users who can. Great! Well, that puts this message into my selinux "Goodinfo" folder. Gene
