dbadm_selinux(8) dbadm SELinux Policy documentation dbadm_selinux(8)NAME
dbadm_r - Database administrator role - Security Enhanced Linux Policy
DESCRIPTION
SELinux supports Roles Based Access Control, some Linux roles are login
roles, while other roles need to be transition to.
Note: The examples in the man page will user the staff_u user.
Non login roles are usually used for administrative tasks.
Roles usually have default types assigned to them.
The default type for the dbadm_r role is dbadm_t.
You can use the newrole program to transition directly to this role.
newrole -r dbadm_r -t dbadm_t
sudo can also be setup to transition to this role using the visudo com‐
mand.
USERNAME ALL=(ALL) ROLE=dbadm_r TYPE=dbadm_t COMMAND
sudo will run COMMAND as staff_u:dbadm_r:dbadm_t:LEVEL
If you want to use a non login role, you need to make sure the SELinux
user you are using can reach this role.
You can see all of the assigned SELinux roles using the following
semanage user -l
If you wanted to add dbadm_r to the staff_u user, you would execute:
$ semanage user -m -R 'staff_r dbadm_r' staff_u
SELinux policy also controls which roles can transition to a different
role. You can list these rules using the following command.
sesearch --role_allow
SELinux policy allows the staff_r role can transition to the dbadm_r
role.
COMMANDS
semanage login can also be used to manipulate the Linux User to SELinux
User mappings
semanage user can also be used to manipulate SELinux user definitions.
system-config-selinux is a GUI tool available to customize SELinux pol‐
icy settings.
AUTHOR
This manual page was autogenerated by genuserman.py.
SEE ALSOselinux(8), semanage(8).
mgrepl@redhat.com dbadm dbadm_selinux(8)