local.users man page

local.users — The SELinux local users configuration file

Description

The file contains local user definitions in the form of policy language user statements and is only found on older SELinux systems as it has been deprecated and replaced by the semange(8) services.

This file is only read by selinux_mkload_policy(3) when SETLOCALDEFS in the SELinux config file (see selinux_config(5)) is set to 1.

selinux_users_path(3) will return the active policy path to the directory where this file is located. The default local users file is:

/etc/selinux/{SELINUXTYPE}/contexts/users/local.users

Where {SELINUXTYPE} is the entry from the selinux configuration file config (see selinux_config(5)).

File Format

The file consists of one or more entries terminated with ';', each on a separate line as follows:

user seuser_id roles role_id [[level level] [range range]];

Where:

user

The user keyword.

seuser_id

The SELinux user identifier.

roles

The roles keyword.

role_id

One or more previously declared role identifiers. Multiple role identifiers consist of a space separated list enclosed in braces '{}'.

level

If MLS/MCS is configured, the level keyword.

level

The users default security level. Note that only the sensitivity component of the level (e.g. s0) is required.

range

If MLS/MCS is configured, the range keyword.

range

The current and clearance levels that the user can run. These are separated by a hyphen '-' as shown in the Example section.

Example

# ./users/local.users
user test_u roles staff_r level s0 range s0 - s15:c0.c1023;

See Also

selinux(8), semanage(8), selinux_users_path(3), selinux_config(5), selinux_mkload_policy(3)

Referenced By

booleans(5), selinux_config(5).

28-Nov-2011 Security Enhanced Linux SELinux configuration