[rsbac] Capabilities
Rob See
rob at rsee.net
Tue May 4 16:08:23 CEST 2004
Hi,
I'm working on getting the backup script to run as a different user
and I wanted to do it by assigning CAP_DAC_READ_SEARCH to whichever
binaries need it to run correctly. I've tried assigning it in min caps
for the script and the binaries and It still can't read all files and
directories. Am I understanding the way capabilities work? It is true
that by assigning minimum caps, they are assigned to the process even
if it wouldn't normally have them ? Also, how does inheritance work
with capabilities ? Do they need to be assigned to each binary, or will
assigning them to the parent process cause them to flow down ? Is there
any way to see what capabilities a process is running with ? Has
anybody else seen them work right with 2.6.5 ? Also, I've noticed that
there is a capabilities LSM module. Does that need to be compiled for
them to work correctly?
Thanks,
-Rob
------------------------------------------------------------------
Rob See
Systems Administrator
Systems Management and Operations
University at Albany
------------------------------------------------------------------
More information about the rsbac
mailing list