Layer: admin

Module: su

Interfaces Templates

Description:

Run shells with substitute user and group

Interfaces:

su_exec( domain )
Summary

Execute su in the caller domain.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
Return

Templates:

su_per_role_template( userdomain_prefix , user_domain , user_role )
Summary

The per role template for the su module.

Description

This template creates a derived domain which is allowed to change the linux user id, to run shells as a different user.

This template is invoked automatically for each user, and generally does not need to be invoked directly by policy writers.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
user_domain

The type of the user domain.

No
user_role

The role associated with the user domain.

No
su_restricted_domain_template( userdomain_prefix , user_domain , user_role )
Summary

Restricted su domain template.

Description

This template creates a derived domain which is allowed to change the linux user id, to run shells as a different user.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
user_domain

The type of the user domain.

No
user_role

The role associated with the user domain.

No
Return