Let wheel be wheel despite SELinux

Latest response

For accreditation purposes, SELinux is helpful on this machine. But the designated administrators being able to administer is also helpful. Accreditation of a system in which SELinux stops all attempts to use sudo by the members of wheel will not be granted.

How do you go about letting wheel be wheel, so to speak?

Responses

What kind of issues are you seeing? I've never seen this behavior so I tend to thing something must be misconfigured.

Yes, what happens is the user in wheel is told that his password is incorrect regardless. sudoers does include the line:

%wheel ALL = ALL

I guess you'll need to change the SELinux user for the users in wheel group to staff_u user

semanage login -a -s staff_u username

The following article is pretty simple and explains it very well - https://www.digitalocean.com/community/tutorials/an-introduction-to-selinux-on-centos-7-part-3-users

Thanks, I'll give that a try

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.