Su from an unprivileged account
Gene Czarcinski
gene at czarc.net
Thu Apr 15 18:15:59 UTC 2004
On Thursday 15 April 2004 14:09, Daniel J Walsh wrote:
> Nic¤ wrote:
> >Hi all.
> >
> >Is there a way to easily configure the policy to allow
> >an unprivileged user to execute the su command.
> >
> >By default, this is not allowed !
>
> By default it is allowed, there is a tunable to turn this off, but a
> normal user should be able to su.
Mmmm .. I wonder if it can be fine tuned enough so that a user could su to
another regular user but not root or any user with sysadm_r capability? At
the same time, a user with a sysadm_r capability could su to anyone.
That might be an interesting capability to have.
Gene
More information about the fedora-selinux-list
mailing list