SELinux newbie help please

Alain Williams addw at phcomp.co.uk
Thu Jan 5 15:42:03 UTC 2012


I am building a new machine and am trying very hard to not do as I have done before
and switch selinux off. I am having problems getting things to work.

I want one user to, on login, run a script setuid root -- it needs to be able to
read all files in one part of the file system to back that part up to an externally
mounted USB drive.

I have a small setuid root program (written in C) that just runs the shell script.

1) Making that setuid program the user's login shell does not work. I could not see
   what to do.

So I tried an intermediate step.

2) Giving the user a standard bash login shell, then running the setuid root program
   at the command line does not do what I want. I put 'id' at the start of the script
   and got:

	uid=501(backup) gid=502(backup) groups=502(backup) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

   I was expecting to see a 'uid=0'. The script then fails since it cannot do things
   that I want it to.

I am running CentOS 6.

I have done a lot of reading, but end up going round in circles and much of what I read
seems to be out of date or refer to commands that I do not have.

I understand that I ought to perhaps produce a specific security profile for the 'backup'
user - but can't see how to start.

Any pointers would be gratefully received.

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256  http://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: http://www.phcomp.co.uk/contact.php
#include <std_disclaimer.h>

