Red Hat Bugzilla – Bug 139433
SELinux FAQ - resultes of id -Z for root incorrect for targeted policy
Last modified: 2007-04-18 13:15:09 EDT
Description of change/FAQ addition. If a change, include the original text first, then the changed text: Under the targeted policy, the context of the root account is different than in the examples in the FAQ. If the examples should reflect the more common targeted policy, these should be changed. URLs: http://fedora.redhat.com/docs/selinux-faq-fc3/index.html#id3522132 http://fedora.redhat.com/docs/selinux-faq-fc3/index.html#id3523386 id -Z root:sysadm_r:sysadm_t becomes id -Z root:system_r:unconfined_t Version-Release of FAQ (found on http://fedora.redhat.com/docs/selinux-faq-fc3/ln-legalnotice.html), for example: selinux-faq-1.3-4 (2004-11-09-T16:20-0800)
*** Bug 142182 has been marked as a duplicate of this bug. ***
Added in 1.3-5, coming live Real Soon Now (TM). ## The Q/A Q: How can I create a new Linux user account with the user's home directory having the proper context? A: You can create your new user with the standard useradd command, but first you must become root with a context of sysadm_r. This context switch has been incorporated into the su command and occurs automatically: su - root id -Z root:system_r:unconfined_t useradd auser ls -Z /home drwx------ auser auser root:object_r:user_home_dir_t /home/auser The initial context for a new user directory has an identity of root. Subsequent relabeling of the file system will change the identity to system_u. These are functionally the same since the role and type are identical (object_r:user_home_dir_t.) ## 30 ##