On Wed, 2004-10-13 at 14:57, Kodungallur Varma wrote:
> I don't know if this makes any sense, but can anyone tell me if
> we can set up a policy where a user_r has more privileges than the
> staff_r (not the sys admin). Thanks in advance.

Why? The current policy is set up so that staff_r is more privileged than user_r (if the user_canbe_sysadm tunable is disabled); otherwise, user_r and staff_r are essentially equivalent. I'd suggest disabling user_canbe_sysadm and optionally adding further permissions to staff_r, not the other way around.

--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency