7.3. SELinux User Roles

SELinux policy uses roles to determine which users are permitted to interact with the security subsystem.

7.3.1. user

The user role is the default role for normal users. Users in this role are not permitted to change their role beyond the default.

7.3.2. staff

The staff role is the default role for administrative user accounts, including the root account. Accounts in this role have no special abilities beyond those of the user role, but they can transition into the sysadm role by issuing the newrole command.

Typing the command newrole -r sysadm_r while in the staff role will request your password and then transition you into the sysadm role.

7.3.3. sysadm

The sysadm role is the equivalent of root in a non-SELinux system. This role is used for all system administration. Being logged in as the root account is not enough; you must also transition to the sysadm role in order to perform most system administration tasks.
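
The following is an added example, not part of the original documentation: a small shell check that reads the role out of an SELinux security context and reports whether the session is already in the sysadm role, can reach it with newrole -r sysadm_r, or cannot transition at all. The function names, the status keywords and the sample contexts are constructed for illustration; the role names user_r and staff_r are assumed to follow the same _r convention as the sysadm_r shown above.

```shell
#!/bin/sh
# Added example: map an SELinux context to the role model described above.

# Print the role (second field) of a context "user:role:type[:level]".
# The level may itself contain colons (e.g. s0-s0:c0.c1023), so the role is
# taken as the text between the first and second colon only.
selinux_role() {
    ctx=$1
    case $ctx in
        *:*:*) ;;            # needs at least user:role:type
        *) return 1 ;;
    esac
    rest=${ctx#*:}           # drop "user:"
    role=${rest%%:*}         # keep text up to the next colon
    [ -n "$role" ] || return 1
    printf '%s\n' "$role"
}

# Print a status keyword for a context:
#   ready          already in sysadm_r, administration tasks are possible
#   need-newrole   in staff_r, run "newrole -r sysadm_r" first
#   no-transition  in user_r, which may not change role
#   unknown        context missing, malformed, or some other role
admin_status() {
    role=$(selinux_role "$1") || { echo unknown; return 0; }
    case $role in
        sysadm_r) echo ready ;;
        staff_r)  echo need-newrole ;;
        user_r)   echo no-transition ;;
        *)        echo unknown ;;
    esac
}

# Constructed sample contexts. The second one is a root login that is still
# in the staff role, the case where being root alone is not enough.
for sample in \
    'user_u:user_r:user_t:s0' \
    'root:staff_r:staff_t:s0-s0:c0.c1023' \
    'root:sysadm_r:sysadm_t:s0-s0:c0.c1023'
do
    printf '%-40s %s\n' "$sample" "$(admin_status "$sample")"
done

# On a live SELinux system, id -Z prints the current context; elsewhere it
# fails and the status is reported as unknown.
current=$(id -Z 2>/dev/null || true)
printf '%-40s %s\n' 'current session' "$(admin_status "${current:-none}")"
```
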