[redhat-lspp] Re: Administrative Roles - Take Two

Michael C Thompson thompsmc at us.ibm.com
Thu May 11 21:18:29 UTC 2006


Daniel J Walsh wrote:
> Michael C Thompson wrote:
>> Daniel J Walsh wrote:
>>> Michael C Thompson wrote:
>>>> Hey all,
>>>>
>>>> I'm preempting the minutes from the call to begin a nice solidified 
>>>> list of things that constitute the permissions of the administrative 
>>>> users (and staff) on the system. As this gets developed, I will add 
>>>> it to the Fedora Wiki [ http://fedoraproject.org/wiki/SELinux ].
>>>>
>>>> I would like to focus more on talking about how the policy should 
>>>> work, and less about how the policy does work.
>>>>
>>>> There are 3 administrative roles and 2 user roles:
>>>> sysadm_r
>>>> secadm_r
>>>> auditadm_r
>>>>
>>>> staff_r
>>>> user_r

Who should be capable of doing setenforce 1? secadm_r should be (and 
is) the only one who can do setenforce 0, but should setenforce 1 be 
equally restricted?

Thanks,
Mike



