Granting `sudo` Privileges to Confined Users

30 minutes
  • 3 Learning Objectives

About this Hands-on Lab

In this lab, we’ll review the process of granting `sudo` privileges to SELinux confined users. When working with SELinux confined users, you may run into problems with Linux users not being able to use `sudo` anymore. We’ll discuss why this happens and how to resolve the issue.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Map `pbeesly` and `jhalpert` to the Appropriate SELinux User
  1. Become root.
    sudo su
  2. Run the following commands to map pbeesly and jhalpert to the staff_u SELinux user:
    semanage login -a -s "staff_u" pbeesly  
    semanage login -a -s "staff_u" jhalpert
Add `pbeesly` and `jhalpert` to the `sudoers` File
  1. Open the sudoers file.
    visudo
  2. Type / and search for the line root ALL=(ALL) ALL.
  3. Add the following two lines under the line root ALL=(ALL) ALL:
    pbeesly  ALL=(ALL)  TYPE=administrator_t  ROLE=administrator_r  /bin/sh
    jhalpert  ALL=(ALL)  TYPE=administrator_t  ROLE=administrator_r  /bin/sh
Update the SELinux Security Context of Each User’s Home Directory
  1. Run the following commands to update the SELinux security context of each user’s home directory:
    restorecon -FR -v /home/pbeesly
    restorecon -FR -v /home/jhalpert

Additional Resources

SELinux has recently been enabled on a host and has caused problems with users being able to use sudo. You need to make sure that two users, pbeesly and jhalpert, are able to use sudo.

To do this, you will need to map the two user accounts to an SELinux user with the appropriate role. You should not map them to the sysadm_u SELinux user. Be sure to also include the users in the sudoers file and update each user's home directory's SELinux security context.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Get Started
Who’s going to be learning?

How many seats do you need?

  • $499 USD per seat per year
  • Billed Annually
  • Renews in 12 months

Ready to accelerate learning?

For over 25 licenses, a member of our sales team will walk you through a custom tailored solution for your business.


$2,495.00

Checkout
Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!