In this lab, we’ll review the process of granting `sudo` privileges to SELinux confined users. When working with SELinux confined users, you may run into problems with Linux users not being able to use `sudo` anymore. We’ll discuss why this happens and how to resolve the issue.
*This course is not approved or sponsored by Red Hat.*
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Map `pbeesly` and `jhalpert` to the Appropriate SELinux User
- Become root.
sudo su - Run the following commands to map
pbeeslyandjhalpertto thestaff_uSELinux user:semanage login -a -s "staff_u" pbeesly semanage login -a -s "staff_u" jhalpert
- Become root.
- Add `pbeesly` and `jhalpert` to the `sudoers` File
- Open the
sudoersfile.visudo - Type
/and search for the lineroot ALL=(ALL) ALL. - Add the following two lines under the line
root ALL=(ALL) ALL:pbeesly ALL=(ALL) TYPE=administrator_t ROLE=administrator_r /bin/sh jhalpert ALL=(ALL) TYPE=administrator_t ROLE=administrator_r /bin/sh
- Open the
- Update the SELinux Security Context of Each User’s Home Directory
- Run the following commands to update the SELinux security context of each user’s home directory:
restorecon -FR -v /home/pbeesly restorecon -FR -v /home/jhalpert
- Run the following commands to update the SELinux security context of each user’s home directory:
