Elevate user privilege to root in CentOS

__vivek__ · 10-06-2014, 06:40 AM

I need to run a script when a particular user logs in, which along with other things need to be able to change IP address of machine too.

SO I created a user named vivek, set password and changed passwd file like -

vivek:x:5002:0::/home/vivek:/root/scripts/myscript.sh

now this scripts just copy the file /tmp/ifcfg-eth0 -> /etc/sysconfig/network-scripts/ifcfg-eth0

which fails with error msg::

cp: cannot create regular file `/etc/sysconfig/network-scripts/ifcfg-eth0': Permission denied

So Its clear that i am able to run script on login but it fails when it tries to copy ifcfg-eth0 file.

Any help will be appreciated..

Thanks

Armann · 10-06-2014, 07:06 AM

Checked /var/log/audit/audit.log ?
Maybe it's selinux ?

Armann · 10-06-2014, 07:09 AM

If you are running selinux, which you should

It's easier to figure out if there is a problem if you do this.

yum install setroubleshoot setools

sealert -a /var/log/audit/audit.log

unSpawn · 10-07-2014, 04:48 PM

Quote:

Originally Posted by __vivek__

Code:

cp: cannot create regular file `/etc/sysconfig/network-scripts/ifcfg-eth0': Permission denied

This isn't about SELinux but about DAC rights: reset "vivek" account to use uid 5002 and group 5002, set up SSH, force pubkey auth plus white list IP address, then set up Sudo and link command to user.