| Dan Walsh | 1925e1e | 2013-10-11 08:34:44 -0400 | [diff] [blame] | 1 | .TH "semanage-user" "8" "20130617" "" "" |
| 2 | .SH "NAME" |
| Laurent Bigonville | 2e93833 | 2013-11-06 13:24:01 +0100 | [diff] [blame] | 3 | .B semanage\-user \- SELinux Policy Management SELinux User mapping tool |
| Dan Walsh | 1925e1e | 2013-10-11 08:34:44 -0400 | [diff] [blame] | 4 | .SH "SYNOPSIS" |
| Nicolas Iooss | 7dd66ea | 2018-09-05 21:42:43 +0200 | [diff] [blame] | 5 | .B semanage user [\-h] [\-n] [\-N] [\-S STORE] [ \-\-add ( \-L LEVEL \-R ROLES \-r RANGE SEUSER) | \-\-delete SEUSER | \-\-deleteall | \-\-extract | \-\-list [\-C] | \-\-modify ( \-L LEVEL \-R ROLES \-r RANGE SEUSER ) ] |
| Dan Walsh | 1925e1e | 2013-10-11 08:34:44 -0400 | [diff] [blame] | 6 | |
| 7 | .SH "DESCRIPTION" |
| 8 | semanage is used to configure certain elements of |
| 9 | SELinux policy without requiring modification to or recompilation |
| 10 | from policy sources. semanage user controls the mapping between an SELinux User and the roles and MLS/MCS levels. |
| 11 | |
| 12 | .SH "OPTIONS" |
| 13 | .TP |
| 14 | .I \-h, \-\-help |
| 15 | show this help message and exit |
| 16 | .TP |
| 17 | .I \-n, \-\-noheading |
| 18 | Do not print heading when listing the specified object type |
| 19 | .TP |
| 20 | .I \-N, \-\-noreload |
| 21 | Do not reload policy after commit |
| 22 | .TP |
| 23 | .I \-S STORE, \-\-store STORE |
| 24 | Select an alternate SELinux Policy Store to manage |
| 25 | .TP |
| 26 | .I \-C, \-\-locallist |
| 27 | List local customizations |
| 28 | .TP |
| 29 | .I \-a, \-\-add |
| 30 | Add a record of the specified object type |
| 31 | .TP |
| 32 | .I \-d, \-\-delete |
| 33 | Delete a record of the specified object type |
| 34 | .TP |
| 35 | .I \-m, \-\-modify |
| 36 | Modify a record of the specified object type |
| 37 | .TP |
| 38 | .I \-l, \-\-list |
| 39 | List records of the specified object type |
| 40 | .TP |
| 41 | .I \-E, \-\-extract |
| 42 | Extract customizable commands, for use within a transaction |
| 43 | .TP |
| 44 | .I \-D, \-\-deleteall |
| 45 | Remove all local customizations |
| 46 | .TP |
| 47 | .I \-L LEVEL, \-\-level LEVEL |
| 48 | Default SELinux Level for SELinux user, s0 Default. (MLS/MCS Systems only) |
| 49 | .TP |
| 50 | .I \-r RANGE, \-\-range RANGE |
| 51 | MLS/MCS Security Range (MLS/MCS Systems only) SELinux Range for SELinux login mapping defaults to the SELinux user record range. SELinux Range for SELinux user defaults to s0. |
| 52 | .TP |
| 53 | .I \-R [ROLES], \-\-roles [ROLES] |
| 54 | SELinux Roles. You must enclose multiple roles within quotes, separate by spaces. Or specify \-R multiple times. |
| 55 | |
| 56 | .SH EXAMPLE |
| 57 | .nf |
| 58 | List SELinux users |
| 59 | # semanage user \-l |
| 60 | Modify groups for staff_u user |
| 61 | # semanage user \-m \-R "system_r unconfined_r staff_r" staff_u |
| 62 | Add level for TopSecret Users |
| Laurent Bigonville | 2e93833 | 2013-11-06 13:24:01 +0100 | [diff] [blame] | 63 | # semanage user \-a \-R "staff_r" \-rs0\-TopSecret topsecret_u |
| Dan Walsh | 1925e1e | 2013-10-11 08:34:44 -0400 | [diff] [blame] | 64 | |
| 65 | .SH "SEE ALSO" |
| Alan Jenkins | 62f0589 | 2017-01-11 12:41:09 +0000 | [diff] [blame] | 66 | .BR selinux (8), |
| 67 | .BR semanage (8), |
| 68 | .BR semanage\-login (8) |
| Dan Walsh | 1925e1e | 2013-10-11 08:34:44 -0400 | [diff] [blame] | 69 | |
| 70 | .SH "AUTHOR" |
| 71 | This man page was written by Daniel Walsh <dwalsh@redhat.com> |