Security and Hardening Guide
Applies to SUSE Linux Enterprise Server 15 SP2

37 Confining Users with pam_apparmor

An AppArmor profile applies to an executable program. If one portion of the program needs different access permissions than other portions, the program can change hats via change_hat to a different role, also known as a subprofile. The pam_apparmor PAM module allows applications to confine authenticated users into subprofiles based on group names, user names, or a default profile. To accomplish this, pam_apparmor needs to be registered as a PAM session module.

The package pam_apparmor is not installed by default. You can install it using YaST or zypper. After the package has been installed, details about how to set up and configure pam_apparmor can be found in /usr/share/doc/packages/pam_apparmor/README. For details on PAM, refer to Chapter 3, Authentication with PAM.
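
The following check is an added example, not part of this guide or of the pam_apparmor package: it audits a PAM service file to confirm that pam_apparmor is registered as a session module, as described above. The order= option and its user, group and default values come from the module's README rather than from this page; the group,default fallback used when order= is absent, the function name check_pam_apparmor and the sample files are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a PAM service file for pam_apparmor registration.
# Output, one line per pam_apparmor entry (or "missing" if there is none):
#   ok <order>         session module, valid hat lookup order
#   wrong-type <type>  listed under auth/account/password, not session
#   bad-order <token>  order= holds something other than user, group, default
check_pam_apparmor() {   # hypothetical helper name
    awk '
        NF == 0 || $1 ~ /^#/ { next }            # skip blanks and comments
        /pam_apparmor\.so/ {
            found = 1
            type = $1; sub(/^-/, "", type)       # a leading "-" is allowed on the type
            if (type != "session") { print "wrong-type " type; next }
            order = "group,default"              # assumed fallback when order= is absent
            for (i = 2; i <= NF; i++)
                if ($i ~ /^order=/) order = substr($i, 7)
            bad = ""
            n = split(order, tok, ",")
            for (i = 1; i <= n; i++)
                if (tok[i] != "user" && tok[i] != "group" && tok[i] != "default")
                    bad = tok[i]
            if (bad != "") { print "bad-order " bad } else { print "ok " order }
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# Constructed sample service files (stand-ins for files under /etc/pam.d/).
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
printf '%s\n' '# constructed sample' 'auth     include  common-auth' \
    'session  optional pam_apparmor.so order=user,group,default' > "$sample_dir/sshd"
printf '%s\n' 'session  optional pam_apparmor.so' > "$sample_dir/login"
printf '%s\n' 'auth     optional pam_apparmor.so' > "$sample_dir/su"
printf '%s\n' 'session  optional pam_apparmor.so order=group,role' > "$sample_dir/ftp"
printf '%s\n' 'session  include  common-session' > "$sample_dir/cron"

for f in sshd login su ftp cron; do
    printf '%-6s %s\n' "$f" "$(check_pam_apparmor "$sample_dir/$f")"
done
```

A service reported as missing or wrong-type opens sessions without the change_hat step, so its users stay in the parent profile rather than a per-user or per-group subprofile.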
