Hi Stephen,
Below is the output of command :
sestatus -v output
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: permissive
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
Process contexts:
Current context: system_u:system_r:unconfined_t:s0-s0:c0.c1023
Init context: system_u:system_r:init_t:s0
/usr/sbin/sshd system_u:system_r:sshd_t:s0-s0:c0.c1023
File contexts:
Controlling terminal: system_u:object_r:sshd_devpts_t:s0
/etc/passwd system_u:object_r:passwd_file_t:s0
/etc/shadow system_u:object_r:shadow_t:s0
/bin/bash system_u:object_r:shell_exec_t:s0
/bin/login system_u:object_r:login_exec_t:s0
/bin/sh system_u:object_r:bin_t:s0 -> system_u:object_r:shell_exec_t:s0
/sbin/agetty system_u:object_r:getty_exec_t:s0
/sbin/init system_u:object_r:bin_t:s0 -> system_u:object_r:init_exec_t:s0
/usr/sbin/sshd system_u:object_r:sshd_exec_t:s0
/lib/libc.so.6 system_u:object_r:lib_t:s0 -> system_u:object_r:lib_t:s0
/lib/ld-linux.so.2 system_u:object_r:lib_t:s0 -> system_u:object_r:ld_so_t:s0
Also I am using ssh session for login.
Please let me know how to change id command context to unconfined_u or Sysadm_u.
Thanks in advance
Aman
On Mon, Nov 27, 2017 at 9:29 PM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
What is your sestatus -v output? How are you logging in (console, gdm,On Fri, 2017-11-24 at 10:47 +0530, Aman Sharma wrote:
>
>
> Hi All,
>
> Currently Working on Cent OS 7.3 and login as a root User and my Id
> command output is :
>
> id
> uid=0(root) gid=0(root) groups=0(root)
> context=system_u:system_r:unconfined_t:s0-s0:c0.c1023
>
> I want to change System_u:system_r:unconfined_t to sysadm_u:sysadm_r
> or unconfined_u:unconfined_r.
>
> Also showing the output of following command :
>
> semanage user -l
>
> Labeling MLS/ MLS/
> SELinux User Prefix MCS Level MCS Range
> SELinux Roles
>
> admin_u user s0 s0-s0:c0.c1023
> sysadm_r system_r
> guest_u user s0 s0
> guest_r
> root user s0 s0-s0:c0.c1023
> staff_r sysadm_r
> specialuser_u user s0 s0
> sysadm_r system_r
> staff_u user s0 s0-s0:c0.c1023
> staff_r sysadm_r system_r
> sysadm_u user s0 s0-s0:c0.c1023
> sysadm_r
> system_u user s0 s0-s0:c0.c1023
> system_r
> unconfined_u user s0 s0-s0:c0.c1023
> system_r unconfined_r
> user_u user s0 s0
> user_r
> xguest_u user s0 s0
> xguest_r
>
>
> semanage login -l
>
> Login Name SELinux User MLS/MCS Range
> Service
>
> __default__ sysadm_u s0-s0:c0.c1023 *
> ccmservice specialuser_u s0 *
> cucm admin_u s0-s0:c0.c1023 *
> drfkeys specialuser_u s0 *
> drfuser specialuser_u s0 *
> informix specialuser_u s0 *
> pwrecovery specialuser_u s0 *
> root sysadm_u s0-s0:c0.c1023 *
> sftpuser specialuser_u s0 *
> system_u sysadm_u s0-s0:c0.c1023 *
>
>
> Can anybody Please help me.
ssh, ...)?
You don't appear to be running the default policy, or if you are,
someone has heavily customized your user and login mappings.
