Layer: admin

Module: su


Description:

Run shells with substitute user and group.


Tunables:

su_allow_user_exec_domains
Default value

false

Description

Determine whether the user application exec domain attribute should be respected for su access. If not enabled, only user domains themselves may use su.


Interfaces:

su_exec( domain )
Summary

Execute su in the caller domain.

Parameters

Parameter    Description
domain       Domain allowed access.


Templates:

su_restricted_domain_template( userdomain_prefix , user_domain , user_role )
Summary

Restricted su domain template.

Description

This template creates a derived domain that is allowed to change the Linux user ID in order to run shells as a different user.

Parameters

Parameter            Description
userdomain_prefix    The prefix of the user domain (e.g., user is the prefix for user_t).
user_domain          The type of the user domain.
user_role            The role associated with the user domain.

su_role_template( role_prefix , user_domain , user_exec_domain , role )
Summary

The role template for the su module.

Parameters

Parameter           Description
role_prefix         The prefix of the user role (e.g., user is the prefix for user_r).
user_domain         User domain for the role.
user_exec_domain    User exec domain for execute and transition access.
role                Role allowed access.
