On Fri, Jan 06, 2012 at 09:47:09AM -0500, Edward Ned Harvey wrote:
> From: selinux-bounces(a)lists.fedoraproject.org [mailto:selinux-
> bounces(a)lists.fedoraproject.org] On Behalf Of Alain Williams
> I want one user to, on login, run a script setuid root -- it needs to be able to
> read all files in one part of the file system to back that part up to an externally
> mounted USB drive.
> I have a small setuid root program (written in C) that just runs the shell script.
This doesn't sound like a selinux thing. It sounds like you should probably just use
sudo. You should be able to add the "sudo /path/to/some/script" into your
.bash_login or something like that.
Sudo is a setuid root program (written in C) that allows you to run other things as other
users. It's highly stable and secure, probably much more reliable and secure than the
average homegrown C setuid root program. ;-)
You can configure sudo using the "visudo" command as root. You can configure
the behavior you want by adding a line like this:
awilliam ALL=(ALL) NOPASSWD: /path/to/some/script
This is what my workaround is. However: I would like to work out how to do it directly
by writing selinux rules/... - the purpose is as much to teach me how to do things
with selinux as to achive the end result.
So: back to my original question ....
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256 http://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: