Su from an unprivileged account
Gene Czarcinski
gene at czarc.net
Thu Apr 15 20:40:07 UTC 2004
On Thursday 15 April 2004 15:45, Daniel J Walsh wrote:
> >Mmmm .. I wonder if it can be fine tuned enough so that a user could su to
> >another regular user but not root or any user with sysadm_r capability?
> > At the same time, a user with a sysadm_r capability could su to anyone.
> >
> >That might be an interesting capability to have.
> >
>
> That is what staff_r is defined as. If you turn off user_canbe_sysadm,
> you will end up with regular users who can't su and
> staff users who can.
Great! Well, that puts this message into my selinux "Goodinfo" folder.
Gene
More information about the fedora-selinux-list
mailing list