Re: How can i call a function which is usually used by root?

Quoting wk (304702903@xxxxxx):
> I want to write a C program. And a common user (not in root group) will run this program.
>  In this program, I call fread(/dev/sdc...) and fwrite(/dev/sdc), but this call will return "permission no allow". If I use the root user, it will be OK.
>  How do I change the authority to root's?
>  
>  I know the root's password.

Offhand I suspect what you need is CAP_SYS_RAWIO (maybe CAP_SYS_ADMIN).
But I don't know how your program is designed so am not sure how to
best give your program that privilege:

	1. Make program setuid root, have it immediately switch
	   to nonroot and keep root in your saved uid so you can move it
	   back to euid when you need to write /dev/sdc.
	   (man setresuid)
	2. Put CAP_SYS_RAWIO in fP (or fI if you can put it in
	   the calling user's pI), then have your program
	   put the capability into pE just when it needs to
	   write to /dev/sdc.
	   (man 7 capabilities)
	3. Write a separate minimal partially privileged helper
	   program which answers requests by your main program.
	   Then you could use selinux to enforce an assured
	   pipeline to prevent anyone else using the helper.
	   (google privilege separation)

-serge

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
