From Bugzilla Helper: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Description of problem: In the run level 3, at the log-in root can choose the role. However the run lovel 5 (GNOME) seems not to have any capability to choose the run-level. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1.At the GNOME log in 2.set "root" at login screen and the press <Enter> key 3.set password for password screen and the press <Enter> key Actual Results: Just loged in without role selection. Expected Results: I wish to choose the role stuff, sysadm and so on if available. Additional info: Or when starting the commands which require the sysadm role, pop up the dialog to enter the sysadm role.
Colin, Dan, any thoughts?
IMHO, is it really any good reason to allow the entire desktop session sysadm role when users can change to that role within a console if they really need such access?
I think in order to make this useful, we need infrastructure in SELinux for displaying somewhat more human-readable role identifiers to users. Like "Administrator Role" instead of sysadm_r, and "Normal Role" or something instead of user_r. Warren - we're not just talking about sysadm_r here; in SELinux the user could have a number of different roles, like webmaster_r and developer_r.
Allowing gnome to X-Windows login to login as other roles was decided to be not appropriate. Admins can setup the /etc/selinux/strict/context/users directory to change the default role that a user logs in as.