r487 - community/trunk/SELinux_User_Guide/ru-RU
transif at fedoraproject.org
transif at fedoraproject.org
Tue Oct 5 13:04:56 UTC 2010
Author: transif
Date: 2010-10-05 13:04:55 +0000 (Tue, 05 Oct 2010)
New Revision: 487
Modified:
community/trunk/SELinux_User_Guide/ru-RU/Managing_Users.po
Log:
l10n: Updates to Russian (ru) translation
Transmitted-via: Transifex (translate.fedoraproject.org)
Modified: community/trunk/SELinux_User_Guide/ru-RU/Managing_Users.po
===================================================================
--- community/trunk/SELinux_User_Guide/ru-RU/Managing_Users.po 2010-10-04 10:13:01 UTC (rev 486)
+++ community/trunk/SELinux_User_Guide/ru-RU/Managing_Users.po 2010-10-05 13:04:55 UTC (rev 487)
@@ -1,442 +1,619 @@
-# SOME DESCRIPTIVE TITLE.
-# FIRST AUTHOR <EMAIL at ADDRESS>, YEAR.
-#
-#, fuzzy
-msgid ""
-msgstr ""
-"Project-Id-Version: PACKAGE VERSION\n"
-"Report-Msgid-Bugs-To: http://bugs.kde.org\n"
-"POT-Creation-Date: 2010-04-15T00:19:31\n"
-"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
-"Last-Translator: FULL NAME <EMAIL at ADDRESS>\n"
-"Language-Team: LANGUAGE <kde-i18n-doc at kde.org>\n"
-"MIME-Version: 1.0\n"
-"Content-Type: application/x-xml2pot; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-
-#. Tag: title
-#, no-c-format
-msgid "Confining Users"
-msgstr ""
-
-#. Tag: para
-#, no-c-format
-msgid ""
-"A number of confined SELinux users are available in Fedora &PRODVER;. "
-"Each Linux user is mapped to an SELinux user via SELinux policy, allowing "
-"Linux users to inherit the restrictions placed on SELinux users, for example "
-"(depending on the user), not being able to: run the X Window System; use "
-"networking; run setuid applications (unless SELinux policy permits it); or "
-"run the <command>su</command> and <command>sudo</command> commands. This "
-"helps protect the system from the user. Refer to <xref linkend=\"sect-"
-"Security-Enhanced_Linux-Targeted_Policy-Confined_and_Unconfined_Users\" /> "
-"for further information about confined users."
-msgstr ""
-
-#. Tag: title
-#, no-c-format
-msgid "Linux and SELinux User Mappings"
-msgstr ""
-
-#. Tag: para
-#, no-c-format
-msgid ""
-"As the Linux root user, run the <command>semanage login -l</command> command "
-"to view the mapping between Linux users and SELinux users:"
-msgstr ""
-
-#. Tag: para
-#, no-c-format
-msgid ""
-"In Fedora &PRODVER;, Linux users are mapped to the SELinux "
-"<computeroutput>__default__</computeroutput> login by default (which is in "
-"turn mapped to the SELinux <computeroutput>unconfined_u</computeroutput> "
-"user). When a Linux user is created with the <command>useradd</command> "
-"command, if no options are specified, they are mapped to the SELinux "
-"<computeroutput>unconfined_u</computeroutput> user. The following defines "
-"the default-mapping:"
-msgstr ""
-
-#. Tag: title
-#, no-c-format
-msgid "Confining New Linux Users: useradd"
-msgstr ""
-
-#. Tag: para
-#, no-c-format
-msgid ""
-"Linux users mapped to the SELinux <computeroutput>unconfined_u</"
-"computeroutput> user run in the <computeroutput>unconfined_t</"
-"computeroutput> domain. This is seen by running the <command>id -Z</command> "
-"command while logged-in as a Linux user mapped to "
-"<computeroutput>unconfined_u</computeroutput>:"
-msgstr ""
-
-#. Tag: para
-#, no-c-format
-msgid ""
-"When Linux users run in the <computeroutput>unconfined_t</computeroutput> "
-"domain, SELinux policy rules are applied, but policy rules exist that allow "
-"Linux users running in the <computeroutput>unconfined_t</computeroutput> "
-"domain almost all access. If unconfined Linux users execute an application "
-"that SELinux policy defines can transition from the "
-"<computeroutput>unconfined_t</computeroutput> domain to its own confined "
-"domain, unconfined Linux users are still subject to the restrictions of that "
-"confined domain. The security benefit of this is that, even though a Linux "
-"user is running unconfined, the application remains confined, and therefore, "
-"the exploitation of a flaw in the application can be limited by policy. "
-"Note: this does not protect the system from the user. Instead, the user and "
-"the system are being protected from possible damage caused by a flaw in the "
-"application."
-msgstr ""
-
-#. Tag: para
-#, no-c-format
-msgid ""
-"When creating Linux users with <command>useradd</command>, use the <option>-"
-"Z</option> option to specify which SELinux user they are mapped to. The "
-"following example creates a new Linux user, useruuser, and maps that user to "
-"the SELinux <computeroutput>user_u</computeroutput> user. Linux users mapped "
-"to the SELinux <computeroutput>user_u</computeroutput> user run in the "
-"<computeroutput>user_t</computeroutput> domain. In this domain, Linux users "
-"are unable to run setuid applications unless SELinux policy permits it (such "
-"as <command>passwd</command>), and can not run <command>su</command> or "
-"<command>sudo</command>, preventing them from becoming the Linux root user "
-"with these commands."
-msgstr ""
-
-#. Tag: para
-#, no-c-format
-msgid ""
-"As the Linux root user, run the <command>/usr/sbin/useradd -Z user_u "
-"useruuser</command> command to create a new Linux user (useruuser) that is "
-"mapped to the SELinux <computeroutput>user_u</computeroutput> user."
-msgstr ""
-
-#. Tag: para
-#, no-c-format
-msgid ""
-"As the Linux root user, run the <command>semanage login -l</command> command "
-"to view the mapping between the Linux <computeroutput>useruuser</"
-"computeroutput> user and <computeroutput>user_u</computeroutput>:"
-msgstr ""
-
-#. Tag: para
-#, no-c-format
-msgid ""
-"As the Linux root user, run the <command>passwd useruuser</command> command "
-"to assign a password to the Linux useruuser user:"
-msgstr ""
-
-#. Tag: para
-#, no-c-format
-msgid ""
-"Log out of your current session, and log in as the Linux useruuser user. "
-"When you log in, pam_selinux maps the Linux user to an SELinux user (in this "
-"case, <computeroutput>user_u</computeroutput>), and sets up the resulting "
-"SELinux context. The Linux user's shell is then launched with this context. "
-"Run the <command>id -Z</command> command to view the context of a Linux user:"
-msgstr ""
-
-#. Tag: para
-#, no-c-format
-msgid ""
-"Log out of the Linux useruuser's session, and log back in with your account. "
-"If you do not want the Linux useruuser user, run the <command>/usr/sbin/"
-"userdel -r useruuser</command> command as the Linux root user to remove it, "
-"along with its home directory."
-msgstr ""
-
-#. Tag: title
-#, no-c-format
-msgid "Confining Existing Linux Users: semanage login"
-msgstr ""
-
-#. Tag: para
-#, no-c-format
-msgid ""
-"If a Linux user is mapped to the SELinux <computeroutput>unconfined_u</"
-"computeroutput> user (the default behavior), and you would like to change "
-"which SELinux user they are mapped to, use the <command>semanage login</"
-"command> command. The following example creates a new Linux user named "
-"newuser, then maps that Linux user to the SELinux <computeroutput>user_u</"
-"computeroutput> user:"
-msgstr ""
-
-#. Tag: para
-#, no-c-format
-msgid ""
-"As the Linux root user, run the <command>/usr/sbin/useradd newuser</command> "
-"command to create a new Linux user (newuser). Since this user uses the "
-"default mapping, it does not appear in the <command>/usr/sbin/semanage login "
-"-l</command> output:"
-msgstr ""
-
-#. Tag: para
-#, no-c-format
-msgid ""
-"To map the Linux newuser user to the SELinux <computeroutput>user_u</"
-"computeroutput> user, run the following command as the Linux root user:"
-msgstr ""
-
-#. Tag: para
-#, no-c-format
-msgid "<command>/usr/sbin/semanage login -a -s user_u newuser</command>"
-msgstr ""
-
-#. Tag: para
-#, no-c-format
-msgid ""
-"The <option>-a</option> option adds a new record, and the <option>-s</"
-"option> option specifies the SELinux user to map a Linux user to. The last "
-"argument, <computeroutput>newuser</computeroutput>, is the Linux user you "
-"want mapped to the specified SELinux user."
-msgstr ""
-
-#. Tag: para
-#, no-c-format
-msgid ""
-"To view the mapping between the Linux newuser user and "
-"<computeroutput>user_u</computeroutput>, run the <command>semanage login -l</"
-"command> command as the Linux root user:"
-msgstr ""
-
-#. Tag: para
-#, no-c-format
-msgid ""
-"As the Linux root user, run the <command>passwd newuser</command> command to "
-"assign a password to the Linux newuser user:"
-msgstr ""
-
-#. Tag: para
-#, no-c-format
-msgid ""
-"Log out of your current session, and log in as the Linux newuser user. Run "
-"the <command>id -Z</command> command to view the newuser's SELinux context:"
-msgstr ""
-
-#. Tag: para
-#, no-c-format
-msgid ""
-"Log out of the Linux newuser's session, and log back in with your account. "
-"If you do not want the Linux newuser user, run the <command>userdel -r "
-"newuser</command> command as the Linux root user to remove it, along with "
-"its home directory. Also, the mapping between the Linux newuser user and "
-"<computeroutput>user_u</computeroutput> is removed:"
-msgstr ""
-
-#. Tag: title
-#, no-c-format
-msgid "Changing the Default Mapping"
-msgstr ""
-
-#. Tag: para
-#, no-c-format
-msgid ""
-"In Fedora &PRODVER;, Linux users are mapped to the SELinux "
-"<computeroutput>__default__</computeroutput> login by default (which is in "
-"turn mapped to the SELinux <computeroutput>unconfined_u</computeroutput> "
-"user). If you would like new Linux users, and Linux users not specifically "
-"mapped to an SELinux user to be confined by default, change the default "
-"mapping with the <command>semanage login</command> command."
-msgstr ""
-
-#. Tag: para
-#, no-c-format
-msgid ""
-"For example, run the following command as the Linux root user to change the "
-"default mapping from <computeroutput>unconfined_u</computeroutput> to "
-"<computeroutput>user_u</computeroutput>:"
-msgstr ""
-
-#. Tag: para
-#, no-c-format
-msgid ""
-"<command>/usr/sbin/semanage login -m -S targeted -s \"user_u\" -r s0 "
-"__default__</command>"
-msgstr ""
-
-#. Tag: para
-#, no-c-format
-msgid ""
-"Run the <command>semanage login -l</command> command as the Linux root user "
-"to verify the <computeroutput>__default__</computeroutput> login is mapped "
-"to <computeroutput>user_u</computeroutput>:"
-msgstr ""
-
-#. Tag: para
-#, no-c-format
-msgid ""
-"If a new Linux user is created and an SELinux user is not specified, or if "
-"an existing Linux user logs in and does not match a specific entry from the "
-"<command>semanage login -l</command> output, they are mapped to "
-"<computeroutput>user_u</computeroutput>, as per the "
-"<computeroutput>__default__</computeroutput> login."
-msgstr ""
-
-#. Tag: para
-#, no-c-format
-msgid ""
-"To change back to the default behavior, run the following command as the "
-"Linux root user to map the <computeroutput>__default__</computeroutput> "
-"login to the SELinux <computeroutput>unconfined_u</computeroutput> user:"
-msgstr ""
-
-#. Tag: title
-#, no-c-format
-msgid "xguest: Kiosk Mode"
-msgstr ""
-
-#. Tag: para
-#, no-c-format
-msgid ""
-"The <package>xguest</package> package provides a kiosk user account. This "
-"account is used to secure machines that people walk up to and use, such as "
-"those at libraries, banks, airports, information kiosks, and coffee shops. "
-"The kiosk user account is very limited: essentially, it only allows users to "
-"log in and use <application>Firefox</application> to browse Internet "
-"websites. Any changes made while logged in with his account, such as "
-"creating files or changing settings, are lost when you log out."
-msgstr ""
-
-#. Tag: para
-#, no-c-format
-msgid "To set up the kiosk account:"
-msgstr ""
-
-#. Tag: para
-#, no-c-format
-msgid ""
-"As the Linux root user, run <command>yum install xguest</command> command to "
-"install the <package>xguest</package> package. Install dependencies as "
-"required."
-msgstr ""
-
-#. Tag: para
-#, no-c-format
-msgid ""
-"In order to allow the kiosk account to be used by a variety of people, the "
-"account is not password-protected, and as such, the account can only be "
-"protected if SELinux is running in enforcing mode. Before logging in with "
-"this account, use the <command>getenforce</command> command to confirm that "
-"SELinux is running in enforcing mode:"
-msgstr ""
-
-#. Tag: para
-#, no-c-format
-msgid ""
-"If this is not the case, refer to <xref linkend=\"sect-Security-"
-"Enhanced_Linux-Working_with_SELinux-SELinux_Modes\" /> for information about "
-"changing to enforcing mode. It is not possible to log in with this account "
-"if SELinux is in permissive mode or disabled."
-msgstr ""
-
-#. Tag: para
-#, no-c-format
-msgid ""
-"You can only log in to this account via the GNOME Display Manager (GDM). "
-"Once the <package>xguest</package> package is installed, a "
-"<computeroutput>Guest</computeroutput> account is added to GDM. To log in, "
-"click on the <computeroutput>Guest</computeroutput> account:"
-msgstr ""
-
-#. Tag: title
-#, no-c-format
-msgid "Booleans for Users Executing Applications"
-msgstr ""
-
-#. Tag: para
-#, no-c-format
-msgid ""
-"Not allowing Linux users to execute applications (which inherit users' "
-"permissions) in their home directories and <filename>/tmp/</filename>, which "
-"they have write access to, helps prevent flawed or malicious applications "
-"from modifying files that users own. In Fedora &PRODVER;, by default, "
-"Linux users in the <computeroutput>guest_t</computeroutput> and "
-"<computeroutput>xguest_t</computeroutput> domains can not execute "
-"applications in their home directories or <filename>/tmp/</filename>; "
-"however, by default, Linux users in the <computeroutput>user_t</"
-"computeroutput> and <computeroutput>staff_t</computeroutput> domains can."
-msgstr ""
-
-#. Tag: para
-#, no-c-format
-msgid ""
-"Booleans are available to change this behavior, and are configured with the "
-"<command>setsebool</command> command. The <command>setsebool</command> "
-"command must be run as the Linux root user. The <command>setsebool -P</"
-"command> command makes persistent changes. Do not use the <option>-P</"
-"option> option if you do not want changes to persist across reboots:"
-msgstr ""
-
-#. Tag: title
-#, no-c-format
-msgid "guest_t"
-msgstr ""
-
-#. Tag: para
-#, no-c-format
-msgid ""
-"To <emphasis>allow</emphasis> Linux users in the <computeroutput>guest_t</"
-"computeroutput> domain to execute applications in their home directories and "
-"<filename>/tmp/</filename>:"
-msgstr ""
-
-#. Tag: para
-#, no-c-format
-msgid "<command>/usr/sbin/setsebool -P allow_guest_exec_content on</command>"
-msgstr ""
-
-#. Tag: title
-#, no-c-format
-msgid "xguest_t"
-msgstr ""
-
-#. Tag: para
-#, no-c-format
-msgid ""
-"To <emphasis>allow</emphasis> Linux users in the <computeroutput>xguest_t</"
-"computeroutput> domain to execute applications in their home directories and "
-"<filename>/tmp/</filename>:"
-msgstr ""
-
-#. Tag: para
-#, no-c-format
-msgid "<command>/usr/sbin/setsebool -P allow_xguest_exec_content on</command>"
-msgstr ""
-
-#. Tag: title
-#, no-c-format
-msgid "user_t"
-msgstr ""
-
-#. Tag: para
-#, no-c-format
-msgid ""
-"To <emphasis>prevent</emphasis> Linux users in the <computeroutput>user_t</"
-"computeroutput> domain from executing applications in their home directories "
-"and <filename>/tmp/</filename>:"
-msgstr ""
-
-#. Tag: para
-#, no-c-format
-msgid "<command>/usr/sbin/setsebool -P allow_user_exec_content off</command>"
-msgstr ""
-
-#. Tag: title
-#, no-c-format
-msgid "staff_t"
-msgstr ""
-
-#. Tag: para
-#, no-c-format
-msgid ""
-"To <emphasis>prevent</emphasis> Linux users in the <computeroutput>staff_t</"
-"computeroutput> domain from executing applications in their home directories "
-"and <filename>/tmp/</filename>:"
-msgstr ""
-
-#. Tag: para
-#, no-c-format
-msgid "<command>/usr/sbin/setsebool -P allow_staff_exec_content off</command>"
-msgstr ""
+# SOME DESCRIPTIVE TITLE.
+# FIRST AUTHOR <EMAIL at ADDRESS>, YEAR.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: SELinux User Guide\n"
+"Report-Msgid-Bugs-To: http://bugs.kde.org\n"
+"POT-Creation-Date: 2010-04-15T00:19:31\n"
+"PO-Revision-Date: 2010-10-04 \n"
+"Last-Translator: Alexey Cicin <daydrim at gmail.com>\n"
+"Language-Team: trans-ru <trans-ru at lists.fedoraproject.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Poedit-Language: Russian\n"
+"X-Poedit-Country: RUSSIAN FEDERATION\n"
+"X-Poedit-SourceCharset: utf-8\n"
+
+#. Tag: title
+#, no-c-format
+msgid "Confining Users"
+msgstr "Ограничение пользователей"
+
+#. Tag: para
+#, no-c-format
+msgid ""
+"A number of confined SELinux users are available in Fedora &PRODVER;. "
+"Each Linux user is mapped to an SELinux user via SELinux policy, allowing "
+"Linux users to inherit the restrictions placed on SELinux users, for example "
+"(depending on the user), not being able to: run the X Window System; use "
+"networking; run setuid applications (unless SELinux policy permits it); or "
+"run the <command>su</command> and <command>sudo</command> commands. This "
+"helps protect the system from the user. Refer to <xref linkend=\"sect-"
+"Security-Enhanced_Linux-Targeted_Policy-Confined_and_Unconfined_Users\" /> "
+"for further information about confined users."
+msgstr ""
+"Множество ограниченных пользователей доступно в Fedora &PRODVER;. "
+"Каждый пользователь Linux сопоставлен пользователю SELinux через политику "
+"SELinux, позволяя польователям Linux наследовать ограничения установленные "
+"для пользователей SELinux, например (в зависимости от пользователя), нет "
+"возможности запускать: X Window System; использовать сетевые функции; "
+"запускать setuid приложения (до тех пор, пока политика SELinux не разрешит "
+"это); или выполнять команды <command>su</command> и <command>sudo</command>. "
+"Это помогает защитить систему от пользователя. Дополнительная информация "
+"<xref linkend=\"sect-Security-Enhanced_Linux-Targeted_Policy-"
+"Confined_and_Unconfined_Users\" /> об ограничении пользователей доступна по "
+"ссылке."
+
+#. Tag: title
+#, no-c-format
+msgid "Linux and SELinux User Mappings"
+msgstr "Сопоставление пользователей Linux и SELinux"
+
+#. Tag: para
+#, no-c-format
+msgid ""
+"As the Linux root user, run the <command>semanage login -l</command> command "
+"to view the mapping between Linux users and SELinux users:"
+msgstr ""
+"От имени пользователя root, выполните команду <command>semanage login -l</"
+"command> для просмотра сопоставлений между пользователями Linux и SELinux:"
+
+#. Tag: para
+#, no-c-format
+msgid ""
+"In Fedora &PRODVER;, Linux users are mapped to the SELinux "
+"<computeroutput>__default__</computeroutput> login by default (which is in "
+"turn mapped to the SELinux <computeroutput>unconfined_u</computeroutput> "
+"user). When a Linux user is created with the <command>useradd</command> "
+"command, if no options are specified, they are mapped to the SELinux "
+"<computeroutput>unconfined_u</computeroutput> user. The following defines "
+"the default-mapping:"
+msgstr ""
+"В Fedora &PRODVER;, пользователи Linux по-умолчанию сопоставлены с "
+"логином <computeroutput>__default__</computeroutput> SELinux (который в свою "
+"очередь сопоставлен пользователю <computeroutput>unconfined_u</"
+"computeroutput> SELinux). Когда пользователь Linux создаётся с помощью "
+"команды <command>useradd</command>, если не указаны дополнительные опции, он "
+"сопоставляется пользователю SELinux <computeroutput>unconfined_u</"
+"computeroutput>. Ниже определяется сопоставление по-умолчанию:"
+
+#. Tag: title
+#, no-c-format
+msgid "Confining New Linux Users: useradd"
+msgstr "Ограничение новых пользователей Linux: useradd"
+
+#. Tag: para
+#, no-c-format
+msgid ""
+"Linux users mapped to the SELinux <computeroutput>unconfined_u</"
+"computeroutput> user run in the <computeroutput>unconfined_t</"
+"computeroutput> domain. This is seen by running the <command>id -Z</command> "
+"command while logged-in as a Linux user mapped to "
+"<computeroutput>unconfined_u</computeroutput>:"
+msgstr ""
+"Пользователи Linux сопоставлены пользователю SELinux "
+"<computeroutput>unconfined_u</computeroutput>, работающем в домене "
+"<computeroutput>unconfined_t</computeroutput>. Это можно увидеть, выполнив "
+"команду <command>id -Z</command>, если войти от имени пользователя "
+"сопоставленному <computeroutput>unconfined_u</computeroutput>:"
+
+#. Tag: para
+#, no-c-format
+msgid ""
+"When Linux users run in the <computeroutput>unconfined_t</computeroutput> "
+"domain, SELinux policy rules are applied, but policy rules exist that allow "
+"Linux users running in the <computeroutput>unconfined_t</computeroutput> "
+"domain almost all access. If unconfined Linux users execute an application "
+"that SELinux policy defines can transition from the "
+"<computeroutput>unconfined_t</computeroutput> domain to its own confined "
+"domain, unconfined Linux users are still subject to the restrictions of that "
+"confined domain. The security benefit of this is that, even though a Linux "
+"user is running unconfined, the application remains confined, and therefore, "
+"the exploitation of a flaw in the application can be limited by policy. "
+"Note: this does not protect the system from the user. Instead, the user and "
+"the system are being protected from possible damage caused by a flaw in the "
+"application."
+msgstr ""
+"Когда пользователь Linux работает в домене <computeroutput>unconfined_t</"
+"computeroutput>, применяются правила политики SELinux, но существуют правила "
+"политики SELinux, которые позволяют пользователям работать в домене "
+"<computeroutput>unconfined_t</computeroutput> с практически, полным "
+"доступом. Если неограниченные (unconfined) пользователи Linux выполняют "
+"приложение, для которого политика SELinux определяет переход (transition) из "
+"домена <computeroutput>unconfined_t</computeroutput> в свой собственный "
+"домен, то неограниченные пользователи Linux являются субъектами ограничений "
+"в этом ограниченном домене. Преимущество безопасности заключается в том, "
+"что, даже учитывая, что пользователь Linux работает неограниченно, "
+"приложение остается ограниченным, кроме того, уязвимость утечки в "
+"приложении, может быть ограничено политикой. Примечание: Это не защищает "
+"систему от пользователя. Вместо этого, пользователь и система защищаются от "
+"возможного вреда, вызванного утечками в приложении."
+
+#. Tag: para
+#, no-c-format
+msgid ""
+"When creating Linux users with <command>useradd</command>, use the <option>-"
+"Z</option> option to specify which SELinux user they are mapped to. The "
+"following example creates a new Linux user, useruuser, and maps that user to "
+"the SELinux <computeroutput>user_u</computeroutput> user. Linux users mapped "
+"to the SELinux <computeroutput>user_u</computeroutput> user run in the "
+"<computeroutput>user_t</computeroutput> domain. In this domain, Linux users "
+"are unable to run setuid applications unless SELinux policy permits it (such "
+"as <command>passwd</command>), and can not run <command>su</command> or "
+"<command>sudo</command>, preventing them from becoming the Linux root user "
+"with these commands."
+msgstr ""
+"При создании пользователей Linux с помощью команды <command>useradd</"
+"command>, используйте опцию <option>-Z</option> для того, чтобы указать "
+"какому пользователю SELinux они сопоставляются. В следующем примере "
+"создается новый пользователь Linux, useruuser и сопоставляется пользователю "
+"SELinux <computeroutput>user_u</computeroutput>. Пользователь Linux, "
+"сопоставленный пользователю SELinux <computeroutput>user_u</computeroutput> "
+"работает в домене <computeroutput>user_t</computeroutput>. В этом домене, "
+"пользователи Linux не имеют возможности запускать setuid приложения до тех "
+"пор, пока политика SELinux не разрешит это (такие как <command>passwd</"
+"command>), и не могут выполнить <command>su</command> или <command>sudo</"
+"command>, препятствуя им повысить права до уровня root пользователя с "
+"помощью данных команд."
+
+#. Tag: para
+#, no-c-format
+msgid ""
+"As the Linux root user, run the <command>/usr/sbin/useradd -Z user_u "
+"useruuser</command> command to create a new Linux user (useruuser) that is "
+"mapped to the SELinux <computeroutput>user_u</computeroutput> user."
+msgstr ""
+"От имени пользователя root, выполните команду <command>/usr/sbin/useradd -Z "
+"user_u useruuser</command> для создания нового пользователя Linux "
+"(useruser), который сопоставлен пользователю SELinux <computeroutput>user_u</"
+"computeroutput>."
+
+#. Tag: para
+#, no-c-format
+msgid ""
+"As the Linux root user, run the <command>semanage login -l</command> command "
+"to view the mapping between the Linux <computeroutput>useruuser</"
+"computeroutput> user and <computeroutput>user_u</computeroutput>:"
+msgstr ""
+"От имени пользователя root, выполните команду <command>semanage login -l</"
+"command> для просмотра сопоставлений между пользователем Linux "
+"<computeroutput>useruuser</computeroutput> и <computeroutput>user_u</"
+"computeroutput>:"
+
+#. Tag: para
+#, no-c-format
+msgid ""
+"As the Linux root user, run the <command>passwd useruuser</command> command "
+"to assign a password to the Linux useruuser user:"
+msgstr ""
+"От имени пользователя root, выполните команду <command>passwd useruuser</"
+"command> для назначения пароля пользователю useruser:"
+
+#. Tag: para
+#, no-c-format
+msgid ""
+"Log out of your current session, and log in as the Linux useruuser user. "
+"When you log in, pam_selinux maps the Linux user to an SELinux user (in this "
+"case, <computeroutput>user_u</computeroutput>), and sets up the resulting "
+"SELinux context. The Linux user's shell is then launched with this context. "
+"Run the <command>id -Z</command> command to view the context of a Linux user:"
+msgstr ""
+"Завершите текущий сеанс, и откройте новый сеанс от имени пользователя "
+"useruuser. Когда выполняется вход, pam_selinux сопоставляет пользователя "
+"Linux, пользователю SELinux (в данном случае, <computeroutput>user_u</"
+"computeroutput>) и устанавливает результирующий SELinux контекст. "
+"Пользовательский shell запускается с этим контекстом. Выполните команду "
+"<command>id -Z</command> для просмотра контекста пользователя Linux:"
+
+#. Tag: para
+#, no-c-format
+msgid ""
+"Log out of the Linux useruuser's session, and log back in with your account. "
+"If you do not want the Linux useruuser user, run the <command>/usr/sbin/"
+"userdel -r useruuser</command> command as the Linux root user to remove it, "
+"along with its home directory."
+msgstr ""
+"Завершите сеанс пользователя useruuser и выполните вход вашей учетной "
+"записью. Если пользователь useruser больше не требуется, выполните команду "
+"<command>/usr/sbin/userdel -r useruser</command> от имени пользователя root "
+"для удаления учетной записи, вместе с его домашним каталогом."
+
+#. Tag: title
+#, no-c-format
+msgid "Confining Existing Linux Users: semanage login"
+msgstr "Ограничение существующих пользователей Linux: semanage login"
+
+#. Tag: para
+#, no-c-format
+msgid ""
+"If a Linux user is mapped to the SELinux <computeroutput>unconfined_u</"
+"computeroutput> user (the default behavior), and you would like to change "
+"which SELinux user they are mapped to, use the <command>semanage login</"
+"command> command. The following example creates a new Linux user named "
+"newuser, then maps that Linux user to the SELinux <computeroutput>user_u</"
+"computeroutput> user:"
+msgstr ""
+"Если пользователь SELinux сопоставлен пользователю "
+"<computeroutput>unconfined_u</computeroutput> (в конфигурации по-умолчанию), "
+"и если вам необходимо изменить контекст сопоставляемого пользователя "
+"SELinux, с помощью команда <command>semanage login</command>. В следующем "
+"примере создаётся новый Linux называется newuser, который сопоставлен "
+"пользователю SELinux <computeroutput>user_u</computeroutput>:"
+
+#. Tag: para
+#, no-c-format
+msgid ""
+"As the Linux root user, run the <command>/usr/sbin/useradd newuser</command> "
+"command to create a new Linux user (newuser). Since this user uses the "
+"default mapping, it does not appear in the <command>/usr/sbin/semanage login "
+"-l</command> output:"
+msgstr ""
+"От имени пользователя Linux, выполните команду <command>/usr/sbin/useradd "
+"newuser</command> для создания нового пользователя (newuser). Так как этот "
+"пользователь использует сопоставление по умолчанию, он не появляется в "
+"выводе <command>/usr/sbin/semanage login -l</command>:"
+
+#. Tag: para
+#, no-c-format
+msgid ""
+"To map the Linux newuser user to the SELinux <computeroutput>user_u</"
+"computeroutput> user, run the following command as the Linux root user:"
+msgstr ""
+"Для сопоставления пользователя newuser пользователю SELinux "
+"<computeroutput>user_u</computeroutput>, выполните следующую команду от "
+"имени пользователя root:"
+
+#. Tag: para
+#, no-c-format
+msgid "<command>/usr/sbin/semanage login -a -s user_u newuser</command>"
+msgstr "<command>/usr/sbin/semanage login -a -s user_u newuser</command>"
+
+#. Tag: para
+#, no-c-format
+msgid ""
+"The <option>-a</option> option adds a new record, and the <option>-s</"
+"option> option specifies the SELinux user to map a Linux user to. The last "
+"argument, <computeroutput>newuser</computeroutput>, is the Linux user you "
+"want mapped to the specified SELinux user."
+msgstr ""
+"Опция <option>-a</option> добавляет новую запись и опция <option>-s</option> "
+"указывает пользователя SELinux для сопоставления пользователю Linux. "
+"Последний аргумент <computeroutput>newuser</computeroutput> - это "
+"пользователь Linux которому сопоставляется указанный пользователь SELinux."
+
+#. Tag: para
+#, no-c-format
+msgid ""
+"To view the mapping between the Linux newuser user and "
+"<computeroutput>user_u</computeroutput>, run the <command>semanage login -l</"
+"command> command as the Linux root user:"
+msgstr ""
+"Для просмотра сопоставлений между пользователем Linux и "
+"<computeroutput>user_u</computeroutput>, выполните команду <command>semanage "
+"login -l</command> от имени пользователя root:"
+
+#. Tag: para
+#, no-c-format
+msgid ""
+"As the Linux root user, run the <command>passwd newuser</command> command to "
+"assign a password to the Linux newuser user:"
+msgstr ""
+"От имени пользователя root, выполните команду <command>passwd newuser</"
+"command> для назначения пароля пользователю newuser:"
+
+#. Tag: para
+#, no-c-format
+msgid ""
+"Log out of your current session, and log in as the Linux newuser user. Run "
+"the <command>id -Z</command> command to view the newuser's SELinux context:"
+msgstr ""
+"Завершите текущую сессию и выполните вход от имени пользователя newuser. "
+"Выполните команду <command>id -Z</command> для просмотра пользователя "
+"newuser контекста SELinux:"
+
+#. Tag: para
+#, no-c-format
+msgid ""
+"Log out of the Linux newuser's session, and log back in with your account. "
+"If you do not want the Linux newuser user, run the <command>userdel -r "
+"newuser</command> command as the Linux root user to remove it, along with "
+"its home directory. Also, the mapping between the Linux newuser user and "
+"<computeroutput>user_u</computeroutput> is removed:"
+msgstr ""
+"Завершите текущую сессию newuser и выполните вход с вашей учетной записью. "
+"Если пользователь newuser больше не требуется, выполните команду "
+"<command>userdel -r newuser</command> от имени пользователя root для "
+"удаления учетной записи, вместе с его домашним каталогом. Также, "
+"сопоставлние между пользователем newuser и <computeroutput>user_u</"
+"computeroutput> удаляется:"
+
+#. Tag: title
+#, no-c-format
+msgid "Changing the Default Mapping"
+msgstr "Изменение сопоставлений по-умолчанию"
+
+#. Tag: para
+#, no-c-format
+msgid ""
+"In Fedora &PRODVER;, Linux users are mapped to the SELinux "
+"<computeroutput>__default__</computeroutput> login by default (which is in "
+"turn mapped to the SELinux <computeroutput>unconfined_u</computeroutput> "
+"user). If you would like new Linux users, and Linux users not specifically "
+"mapped to an SELinux user to be confined by default, change the default "
+"mapping with the <command>semanage login</command> command."
+msgstr ""
+"В Fedora &PRODVER;, пользователь Linux сопоставлен пользователю SELinux "
+"<computeroutput>__default__</computeroutput> по-умолчанию (который в свою "
+"очередь сопоставлен пользователю SELinux <computeroutput>unconfined_u</"
+"computeroutput>). Если необходимо создать новых пользователей Linux и "
+"пользователи Linux не сопоставлены пользователю SELinux ограниченному по-"
+"умолчанию, измените сопотавление по-умолчанию командой <command>semanage "
+"login</command>."
+
+#. Tag: para
+#, no-c-format
+msgid ""
+"For example, run the following command as the Linux root user to change the "
+"default mapping from <computeroutput>unconfined_u</computeroutput> to "
+"<computeroutput>user_u</computeroutput>:"
+msgstr ""
+"Например, выполните команду от имени пользователя root для изменения "
+"сопоставления по-умолчанию от <computeroutput>unconfined_u</computeroutput> "
+"на <computeroutput>user_u</computeroutput>:"
+
+#. Tag: para
+#, no-c-format
+msgid ""
+"<command>/usr/sbin/semanage login -m -S targeted -s \"user_u\" -r s0 "
+"__default__</command>"
+msgstr ""
+"<command>/usr/sbin/semanage login -m -S targeted -s \"user_u\" -r s0 "
+"__default__</command>"
+
+#. Tag: para
+#, no-c-format
+msgid ""
+"Run the <command>semanage login -l</command> command as the Linux root user "
+"to verify the <computeroutput>__default__</computeroutput> login is mapped "
+"to <computeroutput>user_u</computeroutput>:"
+msgstr ""
+"Выполните команду <command>semanage login -l</command> от имени пользователя "
+"root для проверки того, что логин <computeroutput>__default__</"
+"computeroutput> сопоставлен <computeroutput>user_u</computeroutput>:"
+
+#. Tag: para
+#, no-c-format
+msgid ""
+"If a new Linux user is created and an SELinux user is not specified, or if "
+"an existing Linux user logs in and does not match a specific entry from the "
+"<command>semanage login -l</command> output, they are mapped to "
+"<computeroutput>user_u</computeroutput>, as per the "
+"<computeroutput>__default__</computeroutput> login."
+msgstr ""
+"Если создается новый пользователь Linux и пользователь SELinux не указан, "
+"или если существующий пользователь Linux выполняет вход и не соответствует "
+"определенной записи из вывода <command>semanage login -l</command>, они "
+"сопоставляются <computeroutput>user_u</computeroutput>, и соответственно "
+"<computeroutput>__default__</computeroutput> логину."
+
+#. Tag: para
+#, no-c-format
+msgid ""
+"To change back to the default behavior, run the following command as the "
+"Linux root user to map the <computeroutput>__default__</computeroutput> "
+"login to the SELinux <computeroutput>unconfined_u</computeroutput> user:"
+msgstr ""
+"Для возвращения изменений к поведению по-умолчанию, выполните следующую "
+"команду от имени пользователя root для сопоставления "
+"<computeroutput>__default__</computeroutput> логина к пользователю SELinux "
+"<computeroutput>unconfined_u</computeroutput>:"
+
+#. Tag: title
+#, no-c-format
+msgid "xguest: Kiosk Mode"
+msgstr "xguest: Режим Kiosk"
+
+#. Tag: para
+#, no-c-format
+msgid ""
+"The <package>xguest</package> package provides a kiosk user account. This "
+"account is used to secure machines that people walk up to and use, such as "
+"those at libraries, banks, airports, information kiosks, and coffee shops. "
+"The kiosk user account is very limited: essentially, it only allows users to "
+"log in and use <application>Firefox</application> to browse Internet "
+"websites. Any changes made while logged in with his account, such as "
+"creating files or changing settings, are lost when you log out."
+msgstr ""
+"Пакет <package>xguest</package> предоставляет учетную запись kiosk. Эта "
+"учетная запись использует для безопасного механизма "
+
+#. Tag: para
+#, no-c-format
+msgid "To set up the kiosk account:"
+msgstr "Для настройки учетной записи kiosk:"
+
+#. Tag: para
+#, no-c-format
+msgid ""
+"As the Linux root user, run <command>yum install xguest</command> command to "
+"install the <package>xguest</package> package. Install dependencies as "
+"required."
+msgstr ""
+"От имени пользователя root, выполните команду <command>yum install xguest</"
+"command> для установки пакета <package>xguest</package>. Установите "
+"зависимости, по необходимости."
+
+#. Tag: para
+#, no-c-format
+msgid ""
+"In order to allow the kiosk account to be used by a variety of people, the "
+"account is not password-protected, and as such, the account can only be "
+"protected if SELinux is running in enforcing mode. Before logging in with "
+"this account, use the <command>getenforce</command> command to confirm that "
+"SELinux is running in enforcing mode:"
+msgstr ""
+"В порядке предоставления учетной записи kiosk в использование множеством "
+"людей, учетная запись не будет защищена паролем, и как следствие, учетная "
+"запись может быть защищена только, если SELinux запущен в принудительном "
+"(enforcing) режиме. Перед тем как выполнить авторизацию с данной учетной "
+"записью, используйте команду <command>getenforce</command> для того, чтобы "
+"убедиться, что SELinux запущен в принудительном (enforcing) режиме."
+
+#. Tag: para
+#, no-c-format
+msgid ""
+"If this is not the case, refer to <xref linkend=\"sect-Security-"
+"Enhanced_Linux-Working_with_SELinux-SELinux_Modes\" /> for information about "
+"changing to enforcing mode. It is not possible to log in with this account "
+"if SELinux is in permissive mode or disabled."
+msgstr ""
+"Если это не так, руководствуйтесь <xref linkend=\"sect-Security-"
+"Enhanced_Linux-Working_with_SELinux-SELinux_Modes\" /> об информации о смене "
+"режима в принудительный (enforcing). Невозможно выполнить авторизацию с этой "
+"учетной записью, если SELinux в разрешеительном (permissive) режиме или "
+"отключен."
+
+#. Tag: para
+#, no-c-format
+msgid ""
+"You can only log in to this account via the GNOME Display Manager (GDM). "
+"Once the <package>xguest</package> package is installed, a "
+"<computeroutput>Guest</computeroutput> account is added to GDM. To log in, "
+"click on the <computeroutput>Guest</computeroutput> account:"
+msgstr ""
+"Вы можете выполнить вход с данной учетной записью через GNOME Display "
+"Manager (GDM). Так как пакет <package>xguest</package> установлен, учетная "
+"запись <computeroutput>Guest</computeroutput> добавлена в GDM. Для "
+"выполнения входа кликните по учетной записи <computeroutput>Guest</"
+"computeroutput>:"
+
+#. Tag: title
+#, no-c-format
+msgid "Booleans for Users Executing Applications"
+msgstr "Булевы переключатели для пользователей, выполняющих приложения"
+
+#. Tag: para
+#, no-c-format
+msgid ""
+"Not allowing Linux users to execute applications (which inherit users' "
+"permissions) in their home directories and <filename>/tmp/</filename>, which "
+"they have write access to, helps prevent flawed or malicious applications "
+"from modifying files that users own. In Fedora &PRODVER;, by default, "
+"Linux users in the <computeroutput>guest_t</computeroutput> and "
+"<computeroutput>xguest_t</computeroutput> domains can not execute "
+"applications in their home directories or <filename>/tmp/</filename>; "
+"however, by default, Linux users in the <computeroutput>user_t</"
+"computeroutput> and <computeroutput>staff_t</computeroutput> domains can."
+msgstr ""
+"Не позволяют пользователям Linux выполнять приложения (которые наследуют "
+"права пользователя) в их домашних каталогах и <filename>/tmp/</filename>, в "
+"которые у них есть права на запись, помогают предотвратить утечку или "
+"выполнение вредоносных приложений от модифицирования файлов, которыми "
+"владеет пользователь. В Fedora &PRODVER;, по-умолчанию, пользователи "
+"Linux в доменах <computeroutput>guest_t</computeroutput> и "
+"<computeroutput>xguest_t</computeroutput> не могут выполнять приложения в "
+"своих домашних каталогах или <filename>/tmp/</filename>; однако, по-"
+"умолчанию, пользователи Linux в доменах <computeroutput>user_t</"
+"computeroutput> и <computeroutput>staff_t</computeroutput> - могут."
+
+#. Tag: para
+#, no-c-format
+msgid ""
+"Booleans are available to change this behavior, and are configured with the "
+"<command>setsebool</command> command. The <command>setsebool</command> "
+"command must be run as the Linux root user. The <command>setsebool -P</"
+"command> command makes persistent changes. Do not use the <option>-P</"
+"option> option if you do not want changes to persist across reboots:"
+msgstr ""
+"Булевы переключатели могут измененить данное поведение, и конфигурируются с "
+"помощью команды <command>setsebool</command>. Команда <command>setsebool</"
+"command> должна запускать от имени пользователя root. Команда "
+"<command>setsebool -P</command> делает изменение постоянным. Не используйте "
+"опцию <option>-P</option>, если не требутеся внесение постоянных изменений, "
+"сохраняющихся после перезагрузки системы:"
+
+#. Tag: title
+#, no-c-format
+msgid "guest_t"
+msgstr "guest_t"
+
+#. Tag: para
+#, no-c-format
+msgid ""
+"To <emphasis>allow</emphasis> Linux users in the <computeroutput>guest_t</"
+"computeroutput> domain to execute applications in their home directories and "
+"<filename>/tmp/</filename>:"
+msgstr ""
+"Для предоставления прав <emphasis>allow</emphasis> пользователям Linux в "
+"домене <computeroutput>guest_t</computeroutput> на выполнение в их домашних "
+"каталогах и <filename>/tmp/</filename>:"
+
+#. Tag: para
+#, no-c-format
+msgid "<command>/usr/sbin/setsebool -P allow_guest_exec_content on</command>"
+msgstr "<command>/usr/sbin/setsebool -P allow_guest_exec_content on</command>"
+
+#. Tag: title
+#, no-c-format
+msgid "xguest_t"
+msgstr "xguest_t"
+
+#. Tag: para
+#, no-c-format
+msgid ""
+"To <emphasis>allow</emphasis> Linux users in the <computeroutput>xguest_t</"
+"computeroutput> domain to execute applications in their home directories and "
+"<filename>/tmp/</filename>:"
+msgstr ""
+"Для предоставления прав <emphasis>allow</emphasis> пользователям Linux в "
+"домене <computeroutput>xguest_t</computeroutput> на выполнение в их домашних "
+"каталогах и <filename>/tmp/</filename>:"
+
+#. Tag: para
+#, no-c-format
+msgid "<command>/usr/sbin/setsebool -P allow_xguest_exec_content on</command>"
+msgstr "<command>/usr/sbin/setsebool -P allow_xguest_exec_content on</command>"
+
+#. Tag: title
+#, no-c-format
+msgid "user_t"
+msgstr "user_t"
+
+#. Tag: para
+#, no-c-format
+msgid ""
+"To <emphasis>prevent</emphasis> Linux users in the <computeroutput>user_t</"
+"computeroutput> domain from executing applications in their home directories "
+"and <filename>/tmp/</filename>:"
+msgstr ""
+"Для предоставления прав <emphasis>allow</emphasis> пользователям Linux в "
+"домене <computeroutput>user_t</computeroutput> на выполнение в их домашних "
+"каталогах и <filename>/tmp/</filename>:"
+
+#. Tag: para
+#, no-c-format
+msgid "<command>/usr/sbin/setsebool -P allow_user_exec_content off</command>"
+msgstr "<command>/usr/sbin/setsebool -P allow_user_exec_content off</command>"
+
+#. Tag: title
+#, no-c-format
+msgid "staff_t"
+msgstr "staff_t"
+
+#. Tag: para
+#, no-c-format
+msgid ""
+"To <emphasis>prevent</emphasis> Linux users in the <computeroutput>staff_t</"
+"computeroutput> domain from executing applications in their home directories "
+"and <filename>/tmp/</filename>:"
+msgstr ""
+"Для предоставления прав <emphasis>allow</emphasis> пользователям Linux в "
+"домене <computeroutput>staff_t</computeroutput> на выполнение в их домашних "
+"каталогах и <filename>/tmp/</filename>:"
+
+#. Tag: para
+#, no-c-format
+msgid "<command>/usr/sbin/setsebool -P allow_staff_exec_content off</command>"
+msgstr "<command>/usr/sbin/setsebool -P allow_staff_exec_content off</command>"
More information about the docs-commits
mailing list