Run shells with substitute user and group
Execute su in the caller domain.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
The per role template for the su module.
This template creates a derived domain which is allowed to change the linux user id, to run shells as a different user.
This template is invoked automatically for each user, and generally does not need to be invoked directly by policy writers.
Parameter: | Description: |
---|---|
userdomain_prefix |
The prefix of the user domain (e.g., user is the prefix for user_t). |
user_domain |
The type of the user domain. |
user_role |
The role associated with the user domain. |
Restricted su domain template.
This template creates a derived domain which is allowed to change the linux user id, to run shells as a different user.
Parameter: | Description: |
---|---|
userdomain_prefix |
The prefix of the user domain (e.g., user is the prefix for user_t). |
user_domain |
The type of the user domain. |
user_role |
The role associated with the user domain. |