HEX
Server: LiteSpeed
System: Linux kapuas.iixcp.rumahweb.net 5.14.0-427.42.1.el9_4.x86_64 #1 SMP PREEMPT_DYNAMIC Fri Nov 1 14:58:02 EDT 2024 x86_64
User: mirz4654 (1666)
PHP: 8.1.33
Disabled: system,exec,escapeshellarg,escapeshellcmd,passthru,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,popen,pclose,dl,pfsockopen,leak,apache_child_terminate,posix_kill,posix_mkfifo,posix_setsid,posix_setuid,posix_setpgid,ini_alter,show_source,define_syslog_variables,symlink,syslog,openlog,openlog,closelog,ocinumcols,listen,chgrp,apache_note,apache_setenv,debugger_on,debugger_off,ftp_exec,dll,ftp,myshellexec,socket_bind,mail,posix_getwpuid
$ pwd: /usr/lib/python3.9/site-packages/sepolicy/help/
Upload Files
File: //usr/lib/python3.9/site-packages/sepolicy/help/users.txt
By Default on a SELinux Targeted Policy system, all users login using the unconfined_t user.

SELinux has a very powerful concept called confined users.  You can setup individual users on your system to login with different SELinux user types.  This SELinux User Screen allows you to create/modify SELinux Users and map them to SELinux Roles and MLS/MCS Ranges

Default SELinux Users:

* Terminal user/ssh - guest_u
  - No Network, No setuid, no exec in homedir

* Browser user/kiosk - xguest_u
  - Web access ports only.  No setuid, no exec in homedir

* Full Desktop user - User_u
  - Full Network, No SETUID.

* Confined Admin/Desktop User - Staff_u
  - Full Network, sudo to admin only, no root password.  Usually a confined admin

* Unconfined user - unconfined_u (Default)
  - SELinux does not block access.
@ Telegram