<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 25. Confining Users with pam_apparmor</title><link rel="stylesheet" href="susebooks.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Documentation"><link rel="up" href="part.apparmor.html" title="Part IV. Confining Privileges with Novell AppArmor"><link rel="prev" href="cha.apparmor.hat.html" title="Chapter 24. Profiling Your Web Applications Using ChangeHat"><link rel="next" href="cha.apparmor.managing.html" title="Chapter 26. Managing Profiled Applications"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="chapter" title="Chapter 25. Confining Users with pam_apparmor"><div class="titlepage"><div><div><h2 class="title"><a name="cha.apparmor.pam"></a>Chapter 25. Confining Users with <code class="systemitem">pam_apparmor</code></h2></div></div></div><p>
An AppArmor profile applies to an executable program; if a portion of the
program needs different access permissions than other portions need, the
program can change hats via change_hat to a different role, also known as
a subprofile. The pam_apparmor PAM module allows applications to confine
authenticated users into subprofiles based on group names, user names, or
a default profile. To accomplish this, pam_apparmor needs to be registered
as a PAM session module.
</p><p>
The package pam_apparmor may not be installed by default; you may need to
install it using YaST or <span class="command"><strong>zypper</strong></span>. Details about how to
set up and configure pam_apparmor can be found in
<code class="filename">/usr/share/doc/packages/pam_apparmor/README</code> after the
package has been installed. For details on PAM, refer to
<a class="xref" href="cha.pam.html" title="Chapter 2. Authentication with PAM">Chapter 2, <i>Authentication with PAM</i></a>.
</p><p>
pam_apparmor allows you to set up role-based access control (RBAC). In
conjunction with the set capabilities rules (see
<a class="xref" href="cha.apparmor.profiles.html#sec.apparmor.profiles.set_capabilities" title="20.11. Setting Capabilities per Profile">Section 20.11, “Setting Capabilities per Profile”</a> for more
information), it allows you to map restricted admin profiles to users. A
detailed HOWTO on setting up RBAC with AppArmor is available at
<a class="ulink" href="http://developer.novell.com/wiki/index.php/Apparmor_RBAC_in_version_2.3" target="_top">http://developer.novell.com/wiki/index.php/Apparmor_RBAC_in_version_2.3</a>.
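</p><p>
The following audit sketch is an added example, not part of the original chapter or of the pam_apparmor package. It checks that pam_apparmor.so is registered as a session module in a PAM service file and works out which hat a login would be mapped to. It assumes the order= option (user, group, default) and the DEFAULT hat described in the pam_apparmor README; the PAM fragment, the hat names and the function names are constructed for illustration.

```python
import os

VALID = {"user", "group", "default"}   # hat types accepted by order= (per README)

def find_pam_apparmor(pam_text):
    """Return (pam_type, order) for the first pam_apparmor.so line, or None."""
    for raw in pam_text.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if not tokens[2:]:                     # need type, control and module
            continue
        i = 1
        if tokens[1].startswith("["):          # bracketed control may contain spaces
            while i != len(tokens) and not tokens[i].endswith("]"):
                i += 1
        module, args = tokens[i + 1:i + 2], tokens[i + 2:]
        if not module or os.path.basename(module[0]) != "pam_apparmor.so":
            continue
        order = ["group", "default"]           # README default when order= is absent
        for arg in args:
            if arg.startswith("order="):
                order = arg[len("order="):].split(",")
        return tokens[0].lstrip("-"), order
    return None

def audit(pam_text, user, primary_group, hats):
    """Return (findings, hat) for one PAM service file and one login."""
    found = find_pam_apparmor(pam_text)
    if found is None:
        return ["pam_apparmor.so is not registered"], None
    pam_type, order = found
    findings = []
    if pam_type != "session":
        findings.append(f"registered as '{pam_type}', not as a session module")
    findings += [f"unknown order= entry: {o}" for o in order if o not in VALID]
    if "DEFAULT" not in hats:                  # README recommends a DEFAULT hat
        findings.append("profile has no DEFAULT hat")
    names = {"user": user, "group": primary_group, "default": "DEFAULT"}
    hat = next((names[o] for o in order if o in names and names[o] in hats), None)
    if hat is None:
        findings.append("no hat listed in order= exists for this login")
    return findings, hat

SAMPLE = """\
# constructed PAM service file fragment
session  required  pam_unix.so
session  optional  pam_apparmor.so order=user,group,default debug
"""
HATS = {"admins", "DEFAULT"}   # constructed: hats defined in the service's profile
print(audit(SAMPLE, "bob", "users", HATS))
```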
</p></div></body></html>