
My user (tom) has user_u, user_r and user_t via semanage but it can still perform sudo

My user (tom) is mapped to the user_u user, user_r role and user_t domain via semanage:
[tom@localhost ~]$ id -Z
user_u:user_r:user_t:s0
[tom@localhost ~]$
because I have set the "default" to "user_u":
[tom@localhos ~]$ sudo semanage login -l

Login Name           SELinux User         MLS/MCS Range        Service

__default__          user_u               s0                   *
root                 unconfined_u         s0-s0:c0.c1023       *
system_u             system_u             s0-s0:c0.c1023       *
[tom@localhos ~]$
but it can still perform sudo:
[tom@localhost ~]$ sudo -l
Matching Defaults entries for tom on localhost:

User tom may run the following commands on localhost:
    (ALL) NOPASSWD: ALL
[tom@localhost ~]$
It seems this is because of "% ALL = (ALL) NOPASSWD:ALL" in the sudoers file:
[tom@localhost ~]$ sudo cat /etc/sudoers
root ALL = (ALL) NOPASSWD:ALL
% ALL = (ALL) NOPASSWD:ALL
admin ALL = (ALL) NOPASSWD:ALL
[tom@localhost ~]$
Please help me fix my issue.
Asked by Rock (3 rep)
Jun 2, 2022, 06:18 PM
Last activity: Jun 2, 2022, 08:25 PM