Run shells with substitute user and group
Execute su in the caller domain.
| Parameter: | Description: | Optional: |
|---|---|---|
| domain |
Domain allowed access. | No |
The per role template for the su module.
This template creates a derived domain which is allowed to change the linux user id, to run shells as a different user.
This template is invoked automatically for each user, and generally does not need to be invoked directly by policy writers.
| Parameter: | Description: | Optional: |
|---|---|---|
| userdomain_prefix |
The prefix of the user domain (e.g., user is the prefix for user_t). | No |
| user_domain |
The type of the user domain. | No |
| user_role |
The role associated with the user domain. | No |
Restricted su domain template.
This template creates a derived domain which is allowed to change the linux user id, to run shells as a different user.
| Parameter: | Description: | Optional: |
|---|---|---|
| userdomain_prefix |
The prefix of the user domain (e.g., user is the prefix for user_t). | No |
| user_domain |
The type of the user domain. | No |
| user_role |
The role associated with the user domain. | No |