| .TH "semanage-login" "8" "20130617" "" "" |
| .SH "NAME" |
| .B semanage\-login \- SELinux Policy Management linux user to SELinux User mapping tool |
| .SH "SYNOPSIS" |
| .B semanage login [\-h] [\-n] [\-N] [\-s STORE] [ \-\-add \-s SEUSER \-r RANGE LOGIN | \-\-delete LOGIN | \-\-deleteall | \-\-extract | \-\-list [\-C] | \-\-modify \-s SEUSER \-r RANGE LOGIN ] |
| |
| .SH "DESCRIPTION" |
| semanage is used to configure certain elements of |
| SELinux policy without requiring modification to or recompilation |
| from policy sources. semanage login controls the mapping between a Linux User and the SELinux User. It can be used to turn on confined users. For example you could define that a particular user or group of users will login to a system as the user_u user. Prefix the group name with a '%' sign to indicate a group name. |
| |
| .SH "OPTIONS" |
| .TP |
| .I \-h, \-\-help |
| show this help message and exit |
| .TP |
| .I \-n, \-\-noheading |
| Do not print heading when listing the specified object type |
| .TP |
| .I \-N, \-\-noreload |
| Do not reload policy after commit |
| .TP |
| .I \-C, \-\-locallist |
| List local customizations |
| .TP |
| .I \-S STORE, \-\-store STORE |
| Select an alternate SELinux Policy Store to manage |
| .TP |
| .I \-a, \-\-add |
| Add a record of the specified object type |
| .TP |
| .I \-d, \-\-delete |
| Delete a record of the specified object type |
| .TP |
| .I \-m, \-\-modify |
| Modify a record of the specified object type |
| .TP |
| .I \-l, \-\-list |
| List records of the specified object type |
| .TP |
| .I \-E, \-\-extract |
| Extract customizable commands, for use within a transaction |
| .TP |
| .I \-D, \-\-deleteall |
| Remove all local customizations |
| .TP |
| .I \-s SEUSER, \-\-seuser SEUSER |
| SELinux user name |
| .TP |
| .I \-r RANGE, \-\-range RANGE |
| MLS/MCS Security Range (MLS/MCS Systems only) SELinux Range for SELinux login mapping defaults to the SELinux user record range. SELinux Range for SELinux user defaults to s0. |
| |
| .SH EXAMPLE |
| .nf |
| Modify the default user on the system to the guest_u user |
| # semanage login \-m \-s guest_u __default__ |
| Assign gijoe user on an MLS machine a range and to the staff_u user |
| # semanage login \-a \-s staff_u \-rSystemLow-Secret gijoe |
| Assign all users in the engineering group to the staff_u user |
| # semanage login \-a \-s staff_u %engineering |
| |
| .SH "SEE ALSO" |
| .B selinux (8), |
| .B semanage (8), |
| .B semanage-user (8) |
| |
| .SH "AUTHOR" |
| This man page was written by Daniel Walsh <dwalsh@redhat.com> |