Find the answer to your Linux question:
Results 1 to 4 of 4
I get the following result with id command #id -Z user_u:system_r:unconfined_t I read a bit on this and it is related to SE Linux. But not sure if this will ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Oct 2012
    Posts
    18

    id -Z Command explaination


    I get the following result with id command

    #id -Z
    user_u:system_r:unconfined_t

    I read a bit on this and it is related to SE Linux. But not sure if this will be a problem.
    Any suggestions on why this is showing and how to remove it.

    THanks

  2. #2
    Linux Newbie
    Join Date
    Jun 2012
    Location
    SF Bay area
    Posts
    174
    What problem are you trying to solve? I'm not an SE Linux expert, but I don't see anything wrong with the command output you posted.

  3. #3
    Just Joined!
    Join Date
    Oct 2012
    Posts
    18
    Was just trying to remove this. Looked on other blogs and it requires be to disable SE Linux.

    Any idea if we can disable SELINux without reboot? Checked online it asks to use "setenforce 0" and add disabled in "/etc/sysconfig/selinux".

    But the change is effected only after reboot.

  4. #4
    Just Joined!
    Join Date
    Sep 2012
    Location
    India
    Posts
    29
    Hi Riseup,

    The following command give the output related to SELinux - Security Enhanced Linux

    #id -Z
    user_u:system_r:unconfined_t

    Output can be explained as :
    First Part : user_u -> user account associated with subject or object ie ( Process or Files, Dir, links etc), this account is not like normal user account. (SELINUX USER ACCOUNT)

    Second part: system_r indicates roles. there are different roles in SELinux. this is to enhance security based on ROLES (ROLES)

    Third Part: unconfined_t , ie it runs in unconfined_t domain.(DOMAIN)

    This all fields are called contexts which are used for enhanced security.

    Any idea if we can disable SELinux without reboot? Checked online it asks to use "setenforce 0" and add disabled in "/etc/sysconfig/selinux".
    But the change is effected only after reboot.
    SELinux operates in 3 modes
    Enabled
    Permissive
    Disabled

    Enabled Mode - If access is required then it will check selinux context for object(files, dir) and Process (output which id -Z command gives) and deny access based on SELINUX rules.

    Permissive Mode - It will check selinux context but it will grant you access but it will log errors

    setenforce 0 does not means disable.

    Disable Mode - Only reboot can disable context.

    Keep posted if any doubts.

    Best Wishes,
    Nikhil Shinde.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •