id -Z Command explaination

[riseup]

I get the following result with id command

#id -Z
user_u:system_r:unconfined_t

I read a bit on this and it is related to SE Linux. But not sure if this will be a problem.
Any suggestions on why this is showing and how to remove it.

THanks

[cnamejj]

What problem are you trying to solve? I'm not an SE Linux expert, but I don't see anything wrong with the command output you posted.

[riseup]

Was just trying to remove this. Looked on other blogs and it requires be to disable SE Linux.

Any idea if we can disable SELINux without reboot? Checked online it asks to use "setenforce 0" and add disabled in "/etc/sysconfig/selinux".

But the change is effected only after reboot.

[nikhil_shinde1]

Hi Riseup,

The following command give the output related to SELinux - Security Enhanced Linux

#id -Z
user_u:system_r:unconfined_t

Output can be explained as :
First Part : user_u -> user account associated with subject or object ie ( Process or Files, Dir, links etc), this account is not like normal user account. (SELINUX USER ACCOUNT)

Second part: system_r indicates roles. there are different roles in SELinux. this is to enhance security based on ROLES (ROLES)

Third Part: unconfined_t , ie it runs in unconfined_t domain.(DOMAIN)

This all fields are called contexts which are used for enhanced security.

Any idea if we can disable SELinux without reboot? Checked online it asks to use "setenforce 0" and add disabled in "/etc/sysconfig/selinux".
But the change is effected only after reboot.

SELinux operates in 3 modes
Enabled
Permissive
Disabled

Enabled Mode - If access is required then it will check selinux context for object(files, dir) and Process (output which id -Z command gives) and deny access based on SELINUX rules.

Permissive Mode - It will check selinux context but it will grant you access but it will log errors

setenforce 0 does not means disable.

Disable Mode - Only reboot can disable context.

Keep posted if any doubts.

Best Wishes,
Nikhil Shinde.