unconfined_u user (the default behavior), and you would like to change which SELinux user they are mapped to, use the semanage login command. The following example creates a new Linux user named newuser, then maps that Linux user to the SELinux user_u user:
Run the /usr/sbin/useradd newuser command to create a new Linux user (newuser). Since this user uses the default mapping, it does not appear in the /usr/sbin/semanage login -l output:
# /usr/sbin/semanage login -l
Login Name                SELinux User              MLS/MCS Range

__default__               unconfined_u              s0-s0:c0.c1023
root                      unconfined_u              s0-s0:c0.c1023
system_u                  system_u                  s0-s0:c0.c1023
To map newuser to the SELinux user_u user, run the following command as the Linux root user:
/usr/sbin/semanage login -a -s user_u newuser
The -a option adds a new record, and the -s option specifies the SELinux user to map a Linux user to. The last argument, newuser, is the Linux user you want mapped to the specified SELinux user.
To confirm that newuser is mapped to user_u, run the semanage login -l command as the Linux root user:
# /usr/sbin/semanage login -l
Login Name                SELinux User              MLS/MCS Range

__default__               unconfined_u              s0-s0:c0.c1023
newuser                   user_u                    s0
root                      unconfined_u              s0-s0:c0.c1023
system_u                  system_u                  s0-s0:c0.c1023
Run the passwd newuser command to assign a password to the Linux newuser user:
# passwd newuser
Changing password for user newuser.
New UNIX password: Enter a password
Retype new UNIX password: Enter the same password again
passwd: all authentication tokens updated successfully.
Run the id -Z command as newuser to view newuser's SELinux context:
[newuser@rlocalhost ~]$ id -Z
user_u:user_r:user_t:s0
Run the userdel -r newuser command as the Linux root user to remove newuser, along with its home directory. This also removes the mapping between the Linux newuser user and user_u:
# /usr/sbin/userdel -r newuser
# /usr/sbin/semanage login -l
Login Name                SELinux User              MLS/MCS Range

__default__               unconfined_u              s0-s0:c0.c1023
root                      unconfined_u              s0-s0:c0.c1023
system_u                  system_u                  s0-s0:c0.c1023
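Because a Linux user on the default mapping never appears in the semanage login -l output, the table alone does not show which accounts are still unconfined. The following script is an added example, not part of the original documentation: it resolves each login against the table, falling back to the __default__ record, and lists the logins that end up as unconfined_u. The helper names, the alice login and the embedded table are assumptions made for the example, and only per-login records and __default__ are considered.

```shell
#!/bin/sh
# Added example (not from the original page): resolve_selinux_user and
# audit_unconfined are hypothetical helper names.

# Constructed sample of `semanage login -l` output, matching the table shown
# after newuser was mapped to user_u.
SAMPLE_MAPPINGS='Login Name                SELinux User              MLS/MCS Range

__default__               unconfined_u              s0-s0:c0.c1023
newuser                   user_u                    s0
root                      unconfined_u              s0-s0:c0.c1023
system_u                  system_u                  s0-s0:c0.c1023'

# On a real system, as root: MAPPINGS=$(/usr/sbin/semanage login -l)
MAPPINGS=${MAPPINGS:-$SAMPLE_MAPPINGS}

# Print the SELinux user a Linux login resolves to: its own record if one
# exists, otherwise the __default__ record.
resolve_selinux_user() {
    printf '%s\n' "$MAPPINGS" | awk -v login="$1" '
        NF < 3 || ($1 == "Login" && $2 == "Name") { next }  # blank / header
        $1 == login         { found = $2 }
        $1 == "__default__" { dflt = $2 }
        END {
            if (found != "")     print found
            else if (dflt != "") print dflt
            else                 exit 1   # no usable record at all
        }'
}

# Print every login given as an argument that still resolves to unconfined_u.
audit_unconfined() {
    for login in "$@"; do
        if [ "$(resolve_selinux_user "$login")" = "unconfined_u" ]; then
            printf '%s\n' "$login"
        fi
    done
}

# alice is a constructed login with no record of its own, so it falls back
# to __default__.
audit_unconfined newuser alice root
```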