HEX
Server: nginx/1.29.3
System: Linux 11979.bigscoots-wpo.com 6.8.0-88-generic #89-Ubuntu SMP PREEMPT_DYNAMIC Sat Oct 11 01:02:46 UTC 2025 x86_64
User: nginx (1068)
PHP: 7.4.33
Disabled: exec,system,passthru,shell_exec,proc_open,proc_close,popen,show_source,cmd# Do not modify this line # 1684243876
$ pwd: /usr/lib/python3.9/site-packages/sepolicy/help/
Upload Files
File: //usr/lib/python3.9/site-packages/sepolicy/help/login.txt
By Default on a SELinux Targeted Policy system, all users login using the unconfined_t user.


But SELinux has a very powerful concept called confined users.  You can setup individual users on your system to login with different SELinux user types.  This Login Mapping Screen allows you to map a Linux login user to an SELinux User.

Default SELinux Users:

* Terminal user/ssh - guest_u
  - No Network, No setuid, no exec in homedir

* Browser user/kiosk - xguest_u
  - Web access ports only.  No setuid, no exec in homedir

* Full Desktop user - User_u
  - Full Network, No SETUID.

* Confined Admin/Desktop User - Staff_u
  - Full Network, sudo to admin only, no root password.  Usually a confined admin

* Unconfined user - unconfined_u (Default)
  - SELinux does not block access.
@ Telegram