| Mode | Meaning |
|---|---|
| u | This role is a user role. That is, the role name must be an existing user on the system. |
| g | This role is a group role. That is, the role name must be an existing group on the system. |
| s | This role is a special role, meaning it does not belong to a user or group and does not require an enforced secure policy base to be included in the ruleset. |
| A | This role is an administrative role, thus it has special privileges that normal roles do not have. In particular, this role bypasses the additional ptrace and library loading restrictions. |
| G | This role can use gradm to authenticate to the kernel. A policy for gradm will automatically be added to the role. |
| l | This role has learning enabled. |
| N | This role does not require authentication. To access this role, use `gradm -n <rolename>`. |
| P | This role uses Pluggable Authentication Modules (PAM) for authentication. |
| T | This role has Trusted Path Execution (TPE) enabled. |
| R | This role is persistent. When the shell/session in which authorization was done is terminated, spawned processes won't be dropped to a non-special role. Do NOT use this flag with any role that does anything but shut the system down. |

Last modified on 24 August 2011, at 13:30