From: selinux-bounces(a)lists.fedoraproject.org [mailto:selinux-bounces(a)lists.fedoraproject.org] On Behalf Of Alain Williams
I want one user to, on login, run a script setuid root -- it needs to be able to
read all files in one part of the file system to back that part up to an externally
mounted USB drive.
I have a small setuid root program (written in C) that just runs the shell script.
This doesn't sound like a selinux thing. It sounds like you should probably just use
sudo. You should be able to add the "sudo /path/to/some/script" into your
.bash_login or something like that.
Sudo is a setuid root program (written in C) that allows you to run other things as other
users. It's highly stable and secure, probably much more reliable and secure than the
average homegrown C setuid root program. ;-)
You can configure sudo using the "visudo" command as root. You can configure
the behavior you want by adding a line like this:
awilliam ALL=(ALL) NOPASSWD: /path/to/some/script
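
Added example, not part of the original message or of sudo itself: a NOPASSWD rule like the one above gives root to whoever can modify or replace the file at that path, so this check confirms the script and its directory are root-owned and not group- or world-writable before the rule is added. The function names and the optional owner-uid argument are assumptions made for this example, and only the script and its immediate directory are checked, not every parent directory.

```sh
#!/bin/sh
# Added example: pre-flight check for a script named in a sudoers NOPASSWD rule.
# check_one PATH UID: PATH must be owned by UID and not group/other-writable.
check_one() {
    info=$(ls -ldn -- "$1") || return 1
    perms=${info%% *}                       # e.g. -rwxr-xr-x
    uid=$(printf '%s\n' "$info" | awk '{print $3}')
    if [ "$uid" != "$2" ]; then
        echo "FAIL: $1 is owned by uid $uid, expected $2" >&2
        return 1
    fi
    case $perms in
        ?????w*|????????w*)                 # group-write or other-write bit set
            echo "FAIL: $1 is group- or world-writable ($perms)" >&2
            return 1 ;;
    esac
    return 0
}

# check_sudo_target PATH [OWNER_UID]: OWNER_UID defaults to 0 (root).
check_sudo_target() {
    target=$1
    owner=${2:-0}
    case $target in
        /*) ;;
        *)  echo "FAIL: sudoers command paths must be absolute: $target" >&2
            return 1 ;;
    esac
    # A symlink could be repointed later, so require a regular file.
    if [ -L "$target" ] || [ ! -f "$target" ]; then
        echo "FAIL: $target is a symlink or not a regular file" >&2
        return 1
    fi
    # The directory matters too: write access there allows replacing the file.
    check_one "$target" "$owner" &&
        check_one "$(dirname -- "$target")" "$owner"
}

# Stand-alone use: sh check.sh /path/to/some/script
[ "$#" -eq 0 ] || check_sudo_target "$@"
```

Run it against the script path before adding the rule; `visudo -c` then checks the sudoers syntax.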