gimpy530 |
07-13-2010 09:03 PM |
Net-SNMP - Run a command as root with "extend" feature
Using the extend feature in snmpd.conf I can see the command is being ran as root but does not have root privs. Take this example of an snmpd.conf:
Code:
rocommunity whatev
extend .1.4 test0 /usr/bin/whoami
extend .1.4 test1 /bin/touch /root/foo
...which gives the following output on a walk that shows that it runs everything as root, but cannot write to a directory which is writable by root.
Code:
.1.4.3.1.1.5.116.101.115.116.48 = STRING: "root"
.1.4.3.1.1.5.116.101.115.116.49 = STRING: "/bin/touch: cannot touch `/root/foo': Permission denied"
Even if I simply have snmpd.conf run a script which uses sudo, it fails with the error "sudo: can't set runas group vector: Operation not permitted". A line like this in the snmpd.conf gives the same error:
Code:
extend .1.4 test1 /usr/bin/sudo /bin/touch /root/foo
Running the sudo commands in a normal BASH session works fine so this is a net-snmp issue.
How can I get root access?
|