Managing user clearances

Each user, including the ISSO, SA, and SO users, must have labels to log in to the system. The user clearance can be specified in the /etc/security/user file as part of the user’s stanza. The minsl, maxsl, defsl, mintl, maxtl, and deftl attributes specify the minimum SL, maximum SL, default SL, minimum TL, maximum TL, and default TL, respectively, for the user. If these attributes are not specified in the user’s stanza, the values specified in the default stanza of the file are assigned to the user.

Only an ISSO user can modify the security clearance database. The user’s clearance can be listed with the lsuser and lssec commands and can be modified using the chuser and chsec commands.

The default SL value must be dominated by the maximum SL value and must dominate the minimum SL. Similarly, the default TL value must be dominated by the maximum TL value and must dominate the minimum TL.
Note: For a user to successfully log in to the system, the above relation must hold true.
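
The following added example (not taken from the AIX documentation or tooling) resolves a user's effective clearance from a stanza file with fallback to the default stanza, then checks the dominance relation described above. The label syntax ("LEVEL compartment ..."), the level hierarchy, the sample users, and the use of one ordering model for both SLs and TLs are assumptions made for illustration; real label names come from the site's label encodings.

```python
# Assumed label model (constructed): "LEVEL [compartment ...]"; not AIX's encodings.
LEVELS = {"PUB": 0, "CON": 1, "SEC": 2, "TS": 3}

# Constructed sample in the stanza layout of /etc/security/user.
SAMPLE = """\
default:
    minsl = PUB
    defsl = PUB
    maxsl = SEC A
    mintl = PUB
    deftl = PUB
    maxtl = SEC

alice:
    defsl = CON A
    maxsl = TS A B

bob:
    minsl = CON B
    defsl = SEC A
"""

def parse_stanzas(text):
    """Parse 'name:' headers followed by 'attr = value' lines."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):  # blank or comment line
            continue
        if line.endswith(":") and "=" not in line:
            current = stanzas.setdefault(line[:-1], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas

def effective(stanzas, user):
    """User's attributes, with the default stanza filling any that are unset."""
    return {**stanzas.get("default", {}), **stanzas.get(user, {})}

def dominates(a, b):
    """a dominates b: level at least as high, compartments a superset."""
    (la, *ca), (lb, *cb) = a.split(), b.split()
    return LEVELS[la] >= LEVELS[lb] and set(ca) >= set(cb)

def clearance_errors(c):
    """List the dominance relations that fail; empty means the relation holds."""
    pairs = [("maxsl", "defsl"), ("defsl", "minsl"), ("maxtl", "deftl"), ("deftl", "mintl")]
    return [f"{hi} does not dominate {lo}" for hi, lo in pairs if not dominates(c[hi], c[lo])]
```

In the sample, bob inherits maxsl from the default stanza, and his defsl and minsl carry different compartments, so neither label dominates the other and the check reports a violation even though the default level is higher.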