Hi,
firstly appologies if this is the wrong section for this question.

I need to run a program that makes use of raw mode transfers across a network. This works fine as root, but the socket is blocked for other users.

I've discovered that I need to enable one of the capabilities called CAP_NET_RAW to do so as a user.
(this is why I've posted in this section as restricting capabilities seem security related...)

Man shows details of 'capabilities', as well as 'capget'.
When i call capget though, even as root, I get the following message:
Capget: operation not permitted.

I cannot find any details as to how to enable the capabilites.
I've googled for info, read all the sections of the manual that seem vaguely related to this, and can't find any clues.

No doubt this is a simple one, but I'm getting nowhere fast.

This is RH ES4.0 installed on a flash disk running on a cPCI card using a 32 bit Intel cpu.
Nothing special about the install, it runs just the same as the install on my desktop.

I look forward to your replies.

Cheers,
John.

AFAIK POSIX capabilities like CAP_NET_RAW are and stay root's privilege (like using Spoon's lcap shows: all or nothing) and that's why traditionally them apps have been chmodded to be setuid root. If an application starts life with UID 0, then not dropping certain privs (a clear risk) can probably be accomplished programmatically, but for fine-grained *granting* of capabilities that aren't a users own "the new way" I think you'll need SELinux, GRSecurity or LIDS.

I tried LIDS. You can achieve desired results in runtime environment.

Link :
http://www.lids.org/document/build_lids-0.2-4.html
File : /etc/lids/lids.cap

Thanks people, I didn't realise capabilities was not the preferred method.
I've gone the chmod setuid route for now, as it sorts the problem and gets things going.
I'll look into the other options if needs be. LIDS looks like it does what I want it to.

Many thanks for your quick responses. Now on to the next problem

Regards,
John.