Initial role based on entry
Users will often have multiple roles associated with them. Depending on how they interact with the system, a different initial role (and a user domain) might be needed. Consider a user who interacts with a system locally (through the console), remotely through SSH (for administrative purposes), and through FTP (as an end user), as depicted in the following diagram:
We want to make sure that the default role in which the user session starts on the system depends on the entry point on the system. Direct console logon can be in the administrative role, sysadm_r, whereas remote logon is first in the staff_r role (to ensure a stolen SSH key cannot be used to perform administrative tasks on the system without knowing the users' system password). The use of the FTP server should result in an unprivileged role, ftp_shell_r.
Note
The ftp_shell_r role is a nondefault role and will not be available by default. Using SELinux with an FTP server in this setup requires that the...
