[rsbac] cap chown etc.

Amon Ott ao at rsbac.org
Sat May 31 11:53:09 MEST 2003


On Saturday, 31. May 2003 05:28, Arkady A Drovosekov wrote:
> well, I've written not very clear. I'd like to assign the CHOWN capability
> to some file/process/role and limit values for chown to
> several defined uids/gids. Something like
> attr_set_file_dir -a CAP FILE /usr/sbin/daemon min_caps SETUID uids 1000 65534

What you can do is add a CHOWN CAP to daemon and then restrict the set with 
AUTH. This scheme works fine here. Group id support has not been added to 
AUTH yet, because it was seen as irrelevant.

There is no way to check uids in the CAP module, because it only sets Linux 
capabilities, which do not support them.

Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

