seusers man page

seusers — The SELinux GNU/Linux user to SELinux user mapping configuration file

Description

The seusers file contains a list GNU/Linux user to SELinux user mapping for use by SELinux-aware login applications such as PAM(8).

selinux_usersconf_path(3) will return the active policy path to this file. The default SELinux users mapping file is located at:

/etc/selinux/{SELINUXTYPE}/seusers

Where {SELINUXTYPE} is the entry from the selinux configuration file config (see selinux_config(5)).

getseuserbyname(3) reads this file to map a GNU/Linux user or group to an SELinux user.

File Format

Each line of the seusers configuration file consists of the following:

[%group_id]|[user_id]:seuser_id[:range]

Where:

group_id|user_id
The GNU/Linux user id, or if preceded by the percentage (%) symbol, then a GNU/Linux group id.
An optional entry set to __default__ can be provided as a fall back if required. seuser_id
The SELinux user identity. range
The optional level or range for an MLS/MCS policy.

Example

# ./seusers
system_u:system_u:s0-s15:c0.c255
root:root:s0-s15:c0.c255
fred:user_u:s0
__default__:user_u:s0
%user_group:user_u:s0

See Also

selinux(8), PAM(8), selinux_usersconf_path(3), getseuserbyname(3), selinux_config(5)

Referenced By

selinux_config(5).

28-Nov-2011 Security Enhanced Linux SELinux configuration