Man page - seusers(5)

Packages contains this manual

Manual

seusers

NAME
DESCRIPTION
FILE FORMAT
EXAMPLE
SEE ALSO

NAME

seusers - The SELinux GNU/Linux user to SELinux user mapping configuration file

DESCRIPTION

The seusers file contains a list GNU/Linux user to SELinux user mapping for use by SELinux-aware login applications such as PAM (8).

selinux_usersconf_path (3) will return the active policy path to this file. The default SELinux users mapping file is located at:

/etc/selinux/{SELINUXTYPE}/seusers

Where {SELINUXTYPE} is the entry from the selinux configuration file config (see selinux_config (5)).

getseuserbyname (3) reads this file to map a GNU/Linux user or group to an SELinux user.

FILE FORMAT

Each line of the seusers configuration file consists of the following:

[ % group_id ]|[ user_id ] : seuser_id [ : range ]

Where:

group_id | user_id

The GNU/Linux user id, or if preceded by the percentage ( % ) symbol, then a GNU/Linux group id.
An optional entry set to __default__ can be provided as a fall back if required.

seuser_id

The SELinux user identity.

range

The optional level or range for an MLS/MCS policy.

EXAMPLE

# ./seusers
system_u:system_u:s0-s15:c0.c255
root:root:s0-s15:c0.c255
fred:user_u:s0
__default__:user_u:s0
%user_group:user_u:s0

SEE ALSO

selinux (8), PAM (8), selinux_usersconf_path (3), getseuserbyname (3), selinux_config (5)