07-13-2010 09:03 PM
Net-SNMP - Run a command as root with "extend" feature
Using the extend feature in snmpd.conf, I can see the command is being run as root but does not have root privs. Take this example of an snmpd.conf:
extend .1.4 test0 /usr/bin/whoami
extend .1.4 test1 /bin/touch /root/foo
...which gives the following output on a walk that shows that it runs everything as root, but cannot write to a directory which is writable by root.
.184.108.40.206.220.127.116.11.115.116.48 = STRING: "root"
.18.104.22.168.22.214.171.124.115.116.49 = STRING: "/bin/touch: cannot touch `/root/foo': Permission denied"
Even if I simply have snmpd.conf run a script which uses sudo, it fails with the error "sudo: can't set runas group vector: Operation not permitted". A line like this in the snmpd.conf gives the same error:
extend .1.4 test1 /usr/bin/sudo /bin/touch /root/foo
Running the sudo commands in a normal BASH session works fine, so this is a net-snmp issue.
How can I get root access?