Russell,

Thanks, I managed to figure that out from the "Getting Started with SELinux HOWTO" from the adding a user section.

For a standalone system, I can see how this is no big deal. Every time I add a user, I add the user to the /etc/selinux/users file. But suppose I have 100 machines, I would need to add it to 100 systems. This is why I use NIS to manage my password and shadow files.

I suppose one homegrown solution would be to put /etc/selinux/users into an NIS map (users.byname) and periodically (every half-hour perhaps) have a cron job perform a ypcat users.byname > /etc/selinux/users.

Is there a standard map one could use or a PAM module that's aware of such needs? Suppose I wasn't using something as old as NIS, like OpenLDAP, is there a standard mechanism for putting this information into its databases? And if not, should there be one?

Perhaps my problem is simpler to solve than this. All I really need is the user ID of the person who logged in to the system. This identifies whose account was used to perpetrate the illegal access. Could the user ID number and user name be added to the log messages when violations occur? The id command seems to have the information it needs, perhaps the SELinux logger does too? Otherwise, I'd need to do something like I mention above.

I'm not really interested in whether the context has the user name. That was just a way of using what seemed to be a built-in capability if I had set things up right. I have no real problem with users running around as user_u:user_r:user_t in the system. I just need to know which user to start talking to when I see they are poking around the system.

Daniel J. Levine
Section Supervisor
Johns Hopkins University Applied Physics Laboratory
443-778-3952
240-228-3952

-----Original Message-----
From: Russell Coker [mailto:russell@xxxxxxxxxxxx]
Sent: Thursday, June 10, 2004 2:10 AM
To: fedora-selinux-list@xxxxxxxxxx
Cc: Levine, Daniel J.
Subject: Re: Getting the user ID in log messages...

On Thu, 10 Jun 2004 01:02, "Levine, Daniel J." <Daniel.Levine@xxxxxxxxxx> wrote:
> Explanation of log file messages) the example show the following scontext:
>
> scontext: faye:user_r:user_t
>
> This is great, as I would know to contact the user faye and ask about the
> situation. But on my Fedora Core 2 machine, my /var/log/messages produces:
>
> scontext: user_u:user_r:user_t

In your users file in the SE Linux policy you need the following:

user dan roles user_r;

Then run "make load".

--
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
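
An added example, not part of the original thread and not code from either poster: a sketch of the sync idea discussed above, turning passwd-format lines (such as `ypcat passwd` output) into the `user NAME roles user_r;` statements shown in the reply. The helper names, the UID cutoff of 500, the restricted name pattern and the sample accounts are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: gen_selinux_users and
# sample_passwd are hypothetical names, MIN_UID=500 is an assumed boundary
# between system and human accounts, and every human account gets user_r.
MIN_UID=${MIN_UID:-500}

# Read passwd-format lines on stdin, print one policy statement per account.
gen_selinux_users() {
    awk -F: -v min="$MIN_UID" '
        # Conservative name check: a corrupted or hostile map entry must not
        # be able to add policy syntax (";", spaces) to the users file.
        $1 !~ /^[a-z_][a-z0-9_]*$/ { print "rejected name: " $1 > "/dev/stderr"; next }
        $3 !~ /^[0-9]+$/           { next }   # malformed UID field
        $3 + 0 < min + 0           { next }   # system account
        seen[$1]++                 { next }   # duplicate map entry
        { printf "user %s roles user_r;\n", $1 }
    ' | sort
}

# Constructed sample input standing in for `ypcat passwd` output.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
faye:x:501:501:Faye:/home/faye:/bin/bash
dan:x:500:500:Dan:/home/dan:/bin/bash
dan:x:500:500:Dan:/home/dan:/bin/bash
bad;name:x:502:502::/home/bad:/bin/bash
EOF
}

# Prints the two statements for dan and faye; the result would then be merged
# into the policy users file and loaded with "make load", as in the reply above.
sample_passwd | gen_selinux_users
```

Rejected names are reported on stderr, so a cron wrapper can alert on them instead of silently dropping an account.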