Moderator: I didn't realize I had sent this message from
a different address than the one I used to subscribe to the list.
Sorry.
------------------------------------------------------
Hi. I'm wondering about the permissions new users get
when they are created. Before SELinux I had to add users
to 'wheel' to enable them to su to root.
I did an adduser and it seems to be unrestricted:
[testse@lankhmar ~]$ id -Z
user_u:system_r:unconfined_t
and the user is able to su to root. Is this normal?
How would I keep the user from being able to su?
I added:
user testse roles { user_r };
to /etc/selinux/targeted/src/policy/users
and did: make load
This didn't seem to make any difference.
This is on FC3 (2.6.10-1.760_FC3)
selinux-policy-targeted-1.17.30-2.75
[root@lankhmar ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 18
Policy from config file:targeted
I'm not sure if this is clear, or enough information.
I tried searching the archives but didn't find anything.
[I may be searching incorrectly].
Thanks,
Richard.
