Re: Filesystem Capabilities in 2.6?

Olaf Dietsche (olaf.dietsche#list.linux-kernel@t-online.de)
Mon, 04 Nov 2002 13:24:57 +0100


Antti Salmela <asalmela@iki.fi> writes:

> Dax Kelson <dax@gurulabs.com> wrote:
>
>> Each app should run in its own security context by itself. That is why
>> I have all the following users in my /etc/passwd:
>>
>> apache nscd squid xfs ident rpc pcap nfsnobody radvd gdm named ntp
>
> Well, wouldn't it be then logical to associate uids to capabilities, e.g. I
> could have ping binary setuid to user ping which would have just the
> necessary capabilities to operate?

Welcome to accessfs :-)

<http://groups.google.com/groups?selm=87k7km9fti.fsf%40goat.bogus.local>
<http://groups.google.com/groups?selm=87elau9ft2.fsf%40goat.bogus.local>
<http://groups.google.com/groups?selm=878z129fnz.fsf%40goat.bogus.local>

It's not exactly what you asked for, but I think it's the closest you
can get at the moment.

Regards, Olaf.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/