Mapping Oracle Linux Users to SELinux Confined Users
By default, users are mapped to the unconfined_u SELinux user when they're created. Users can check their security context by running:
id -Z
The output is similar to the following:
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
A system administrator can map an Oracle Linux user to an SELinux confined user to apply different levels of access. For example, to map the oracle user to the SELinux user_u user, use the semanage command:
sudo semanage login -a -s user_u oracle
When you create a user, you can specify the SELinux user mapping when you run the useradd command. For example, to add a privileged oracleadmin user that maps onto the SELinux staff_u user, run:
sudo useradd -Z staff_u oracleadmin
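To confirm that the mappings took effect and to find accounts that still fall back to unconfined_u, the listing printed by semanage login -l can be checked with a short script. The following is an added example, not part of the original documentation; the function names are hypothetical, and the sample table is constructed in the column layout that semanage login -l prints.

```shell
#!/bin/sh
# Added example: audit login-to-SELinux-user mappings from `semanage login -l`.
# Function names are hypothetical; the sample table below is constructed.

sample_mappings() {
cat <<'EOF'

Login Name           SELinux User         MLS/MCS Range        Service

__default__          unconfined_u         s0-s0:c0.c1023       *
oracle               user_u               s0                   *
oracleadmin          staff_u              s0-s0:c0.c1023       *
root                 unconfined_u         s0-s0:c0.c1023       *
EOF
}

# Print the SELinux user a login maps to, reading the listing on stdin.
# A login with no row of its own inherits the __default__ row.
# %group rows are not resolved here (group membership is not looked up).
selinux_user_for() {
    awk -v login="$1" '
        NF < 3 || $1 == "Login" { next }        # blank lines and header
        $1 == login             { exact = $2 }
        $1 == "__default__"     { dflt = $2 }
        END {
            if (exact != "")     print exact
            else if (dflt != "") print dflt
            else                 exit 1          # nothing to resolve against
        }'
}

# List every row (including __default__) still mapped to unconfined_u.
unconfined_logins() {
    awk 'NF >= 3 && $1 != "Login" && $2 == "unconfined_u" { print $1 }'
}

# Demo on the constructed sample; on a live system pipe in
# `sudo semanage login -l` instead of sample_mappings.
sample_mappings | selinux_user_for oracle
sample_mappings | unconfined_logins
```

A login that resolves to unconfined_u only through the __default__ row has not been confined; either map it explicitly or change the default mapping.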