Hmm... I turned off user_canbe_sysadm, I gave the user user_test the role staff_r, and when I try from the user_test shell with the context user_test:user_r:user_t to transit to the user_test:staff_r:staff_t : [user_test@localhost user_test]$ newrole -t staff_t -r staff_r Authenticating user_test. Password: failed to exec shell : Permission non accordée Does anyone know why ? Nico --- Gene Czarcinski <gene@xxxxxxxxx> a écrit : > On Thursday 15 April 2004 15:45, Daniel J Walsh > wrote: > > >Mmmm .. I wonder if it can be fine tuned enough > so that a user could su to > > >another regular user but not root or any user > with sysadm_r capability? > > > At the same time, a user with a sysadm_r > capability could su to anyone. > > > > > >That might be an interesting capability to have. > > > > > > > That is what staff_r is defined as. If you turn > off user_canbe_sysadm, > > you will end up with regular users who can't su > and > > staff users who can. > > Great! Well, that puts this message into my selinux > "Goodinfo" folder. > > Gene > > -- > fedora-selinux-list mailing list > fedora-selinux-list@xxxxxxxxxx > http://www.redhat.com/mailman/listinfo/fedora-selinux-list __________________________________________________________ Lèche-vitrine ou lèche-écran ? magasinage.yahoo.ca
