How do I make sudo "trusted"?
Stephen Smalley
sds at epoch.ncsc.mil
Thu Mar 18 16:17:13 UTC 2004
On Sat, 2004-03-13 at 15:53, Aleksey Nogin wrote:
> On 11.03.2004 07:36, Stephen Smalley wrote:
>
> > Hence, if you add yourself to policy/users and authorize
> > yourself for staff_r and sysadm_r and reload your policy, then you
> > should be able to do sudo -r sysadm_r <command>.
>
> What is the difference between the sysadm_r and system_r? When should I
> be using
>
> sudo -r sysadm_r
>
> and when
>
> sudo -r system_r -t sysadm_t
You shouldn't need to do the latter ever.
I suspect that sudo should default to switching to sysadm_r, as that
will be the expected behavior. It can use get_default_context to obtain
a default context for the user and /etc/security/default_contexts can be
set up to make it default to sysadm_r:sysadm_t.
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the fedora-selinux-list
mailing list