01-05-2012, 02:42 PM
Alain Williams

SELinux newbie help please

I am building a new machine and am trying very hard to not do as I have done before
and switch selinux off. I am having problems getting things to work.

I want one user to, on login, run a script setuid root -- it needs to be able to
read all files in one part of the file system to back that part up to an externally
mounted USB drive.

I have a small setuid root program (written in C) that just runs the shell script.

1) Making that setuid program the user's login shell does not work. I could not see
what to do.

So I tried an intermediate step.

2) Giving the user a standard bash login shell, then running the setuid root program
at the command line does not do what I want. I put 'id' at the start of the script
and got:

uid=501(backup) gid=502(backup) groups=502(backup) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

I was expecting to see a 'uid=0'. The script then fails since it cannot do things
that I want it to.

I am running CentOS 6.

I have done a lot of reading, but end up going round in circles and much of what I read
seems to be out of date or refer to commands that I do not have.

I understand that I ought to perhaps produce a specific security profile for the 'backup'
user - but can't see how to start.

Any pointers would be gratefully received.

--
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256 http://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: http://www.phcomp.co.uk/contact.php
#include <std_disclaimer.h>
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
