| By Default on a SELinux Targeted Policy system, all users login using the unconfined_t user. |
| |
| |
| But SELinux has a very powerful concept called confined users. You can setup individual users on your system to login with different SELinux user types. This Login Mapping Screen allows you to map a Linux login user to an SELinux User. |
| |
| Default SELinux Users: |
| |
| * Terminal user/ssh - guest_u |
| - No Network, No setuid, no exec in homedir |
| |
| * Browser user/kiosk - xguest_u |
| - Web access ports only. No setuid, no exec in homedir |
| |
| * Full Desktop user - User_u |
| - Full Network, No SETUID. |
| |
| * Confined Admin/Desktop User - Staff_u |
| - Full Network, sudo to admin only, no root password. Usually a confined admin |
| |
| * Unconfined user - unconfined_u (Default) |
| - SELinux does not block access. |