[prev in list] [next in list] [prev in thread] [next in thread] 

List:       selinux
Subject:    Re: Non root user cannot execute semanage, semodule
From:       "Justin Mattock" <justinmattock () gmail ! com>
Date:       2008-12-10 17:22:03
Message-ID: dd18b0c30812100922n1ecd844s1fc3d8113ef91cff () mail ! gmail ! com
[Download RAW message or body]

On Wed, Dec 10, 2008 at 8:34 AM, Rahul Jain <erahul29@yahoo.com> wrote:
> Thankyou All,
>
> This community is really awesome.
>
> As suggested by Stephen I used sudo in order to allow a non root user
> execute the priviledged commands like semodule and semanage and protected
> the configuration file using SELinux. Though I tried to tweak the
> policycoreutils also to get the things done but it did not work. The
> reason being, the some intermediate directories that are created when these
> commands are executed. The owner of these directories is root and a non root
> user is not able to access these directories.
>
> For me it was important to allow security officer execute these commands
> because his role entitles him to perform all security policy related tasks.
> Semodule was needed to load the policy modules while semanage was required
> to map the Linux users with the selinux users.
>
> Thanks and Regards
> Rahul Jain
>
>
>

Yeah that makes sense.
glad you up and running.

-- 
Justin P. Mattock

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
[prev in list] [next in list] [prev in thread] [next in thread]