On Sat, 2004-03-13 at 15:53, Aleksey Nogin wrote:
On 11.03.2004 07:36, Stephen Smalley wrote:
Hence, if you add yourself to policy/users and authorize yourself for staff_r and sysadm_r and reload your policy, then you should be able to do sudo -r sysadm_r <command>.
What is the difference between the sysadm_r and system_r? When should I be using
sudo -r sysadm_r
and when
sudo -r system_r -t sysadm_t
You shouldn't need to do the latter ever.
I suspect that sudo should default to switching to sysadm_r, as that will be the expected behavior. It can use get_default_context to obtain a default context for the user and /etc/security/default_contexts can be set up to make it default to sysadm_r:sysadm_t.