LinuxQuestions.org - How to use linux capability

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - How to use linux capability (https://www.linuxquestions.org/questions/linux-security-4/how-to-use-linux-capability-414637/)

mshang

02-12-2006 03:22 PM

How to use linux capability

does anyone know how to use linux capability commands, including getcaps, setcaps, sucap and execcap.

I tried many times, like
#getpcaps $$
Capabilities for '2735': =ep cap_setpcap-eq
#setpcaps CAP_SETUID+p 2735
[caps set to: = cap_setuid+p]
Failed to set cap's on process '2735': (Operating not permitted)

Actually I also tried other processes, cannot achieve on any process. Could someone tell me how to use it in correct way?

unSpawn

02-14-2006 08:32 AM

AFAIK this doesn't work and any digging around reveals the package to be b0rken or a kernel needed with SETCAP(?) flags. If you want to take away caps on a "global" scale (like module loading) I would suggest using Spoon's lcap package, elif you want to take away per-process caps use features from SELinux or GRSecurity's RBAC.

mshang

02-14-2006 02:00 PM

how to make capability work

Since I don't want to disable all capabilty, I want to play with it and make sure how it works. The message "operation is not permitted" just stuck me there.

My system is fedora core4. Any suggestions to make it work? Thanks!

unSpawn

02-15-2006 08:42 AM

Any suggestions to make it work?
None except maybe look into SELinux or GRSecurity RBAC.

All times are GMT -5. The time now is 11:51 PM.