Linux capabilities for sysadmins: what's the bottom line?

From: Nicolas MONNET (nico@monnet.to)
Date: Wed Mar 22 2000 - 11:38:18 EST


I've searched, I've asked, and I did my best to avoid posting this here as
I felt this was off-topic; but reading kernel traffic I realized there had
been a thread on the practical usability of capabilities.

It got down to, to be usable, you need to have those implemented in the
file system.

I can think of many uses, however, where it's not needed. Actually, I'm
not going to use capabilities on SUID-like files. Practically, you need
them for daemons, for example for daemons that need privileged port
access.

Example:

I have a stand-alone daemon that I want to be able to run as an
unprivileged user, bound to port 80, for example. Apache, for example.

How do I implement this? How can I wrap something simply that will wrap
Apache and start it up completely non-root?

(The reason, in this particular case, is that I want to run it in a
complete chroot jail, while retaining configurability by the user;
clearly, it can't be running as root in this case.)
