As Dominick stated. I prefer to think in terms of two different roles.
Login Roles, and Roles to execute in when you have privileges (i.e. root).

Login Roles/Types

    staff_t, user_t, unconfined_t, xguest_t, guest_t

Three interfaces can be used to create confined login users.

    userdom_restricted_user_template(guest)
    userdom_restricted_xwindows_user_template(xguest)
    userdom_unpriv_user_template(staff)

Admin Roles/Types

    logadm_t, webadm_t, secadm_t, auditadm_t

The following interface can be used to create an Admin Role

    userdom_base_user_template(logadm)

sysadm_t is sort of a hybrid, most people use it as an Admin Role.

I imagine that you log in as a confined user and then use sudo/newrole to switch roles to one of the admin roles.

Of course you are free to design your own system creating fully login admin roles. Or creating additional non admin user roles.

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux