0
I'd like a user who is capable of managing the files of other users, but still must run sudo to access those files and functions outside of a /home/directory. Is such a user/group already defined in the unix/centos infrastructures? If not, what's a good way to acheive this?
Chris Keele
Posted 2012-07-09T20:26:10.737
Reputation: 103
1
SELinux will allow you to do this. Create a role that has access to all home files and then assign this role to a user of your choice.
EDIT:
IBM developerWorks: "Role-based access control in SELinux"
RHEL 5 Deployment Guide: "Chapter 4. Security and SELinux"
SELinux Mandatory Access Control: "SELinux Lockdown Part Six: Customized SELinux Roles"
Ignacio Vazquez-Abrams
Posted 2012-07-09T20:26:10.737
Reputation: 100 516
It sure seems like you could expand on this answer a lot more. At least provide links to some relevant documentation or some page/blog with a somewhat useful example. – Zoredache – 2012-07-09T22:59:08.837
@Zoredache: Done. – Ignacio Vazquez-Abrams – 2012-07-10T00:53:18.447
Right now I'm looking at setting
chmod -R g+rwx adminto all standard home directories and runningusermod -g admin deploy. – Chris Keele – 2012-07-09T21:07:49.523