From: | Sven Vermeulen <sven.vermeulen@××××××.be> | ||
---|---|---|---|
To: | gentoo-hardened@l.g.o | ||
Subject: | Re: [gentoo-hardened] SELinux (strict policy) and ssh | ||
Date: | Sun, 14 Nov 2010 20:25:07 | ||
Message-Id: | 20101114202343.GA28621@siphos.be | ||
In Reply to: | [gentoo-hardened] SELinux (strict policy) and ssh by luc nac |
1 | On Sun, Nov 14, 2010 at 01:40:12PM +0100, luc nac wrote: |
2 | > Is it right that I can still login (or switch to the sysadm_r role) |
3 | > via ssh to that machine even if the boolean "ssh_sysadm_login" is set |
4 | > "off"? |
5 | |
6 | Yes, the boolean only ensures that users cannot immediately log on (through |
7 | SSH) in the sysadm_r role. Once they are logged on, they can always use |
8 | newrole. |
9 | |
10 | wkr, |
11 | Sven Vermeulen |