[rsbac] cap chown etc.
Arkady A Drovosekov
drawa at suct.uu.ru
Sat May 31 10:28:50 MEST 2003
On Fri, May 30, 2003 at 12:45:44PM -0700, Chirag Pandya wrote:
> >is it possible to limit CHOWN capability (in
> max_caps) >or CHOWN in general
> >with some uids/gids? Like AUTH Capabilities, where
> you >can define uids.
> Do you mean using the system call
> attr_set_user CAP <UID> max_caps CHOWN (or listing the
> space separated set of desired capabilities) ?
> attr_set_user -A will show that CAP is a valid option
> I am a RSBAC newbie so forgive me if I misunderstood
> the question :-)
well, I've written not very clear. I'd like to assign the CHOWN capability
to some file/process/role and limit values for chown to
several defined uids/gids. Something like
attr_set_file_dir -a CAP FILE /usr/sbin/daemon min_caps SETUID uids 1000 65534
More information about the rsbac