<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.0.9">
</HEAD>
<BODY>
How can I create a new Linux user account such that the home directory is assigned the proper context?<BR>
<BR>
I want to create a new user (fred). <BR>
I want fred's home directory to he located in the default location (<TT>/home/fred</TT>). <BR>
And I want the context for /home/fred to be: <TT>fred:user_r:user_home_dir_t</TT>.<BR>
<BR>
useradd doesn't work. It seems to have two problems:
<BLOCKQUOTE>
1) If <I>my </I>context (when I run useradd fred) is root:staff_r:staff_t, useradd sets the home directory to root:object_r:home_root_t.
</BLOCKQUOTE>
<BR>
<BLOCKQUOTE>
2) If <I>my </I>context is root:sysadm_r:sysadm_t, useradd sets the home directory to root:object_r:user_home_dir_t
</BLOCKQUOTE>
<BR>
Item 1 seems like a bug - why would it choose :home_root_t instead of :user_home_dir_t?<BR>
In either case, the identity is wrong. <BR>
<BR>
I think the problem here is that fred is a Linux user, but not an identity. So, I tried seuseradd instead. That doesn't work either - it seems to create the identity (how would I know???) but the identity assigned to the home directory is still 'root'.<BR>
<BR>
Here are my questions:<BR>
<BR>
1) Why is this so bloody difficult? Can you really expect the average user/administrator to deal with problems like this?<BR>
2) How can I create a new user whose home directory is assigned the proper identity?<BR>
3) How can I get a list of valid identities?<BR>
4) Can I add identities with a simple command (i.e. without recompiling the policy)?<BR>
<BR>
I know about seuserx, but that takes forever to run and is about as friendly as Windows 3.1.<BR>
<BR>
Thanks in advance.<BR>
<BR>
-- Murphy
</BODY>
</HTML>