You can survive with them outside of the FS if you use a suid wrapper (ala
sudo) and make it the only suid bin on your system. :)
On Wed, 22 Mar 2000, Nicolas MONNET wrote:
>
> I've searched, I've asked, and I did my best to avoid posting this here as
> I felt this was offtopic; but reading kernel traffic I realized there had
> been a thread on the practical usability of capabilities.
>
> It got down to, to be usable, you need to have those implemented in the
> file system.
>
> I can think of many uses, however, where it's not needed. Actually, I'm
> not going to use capabilities on SUID-like files. Practically, you need
> them for daemon, for example for daemon who need priviledged port
> accesses.
>
> Example:
>
> I have a stand-alone daemon who I want to be able to run as an
> unpriviledged user, bound to port 80, for example. Apache, for example.
>
> How do I implement this? How can I wrap something simply that will wrap
> Apache and start it up completely non-root?
>
>
> (The reason, in this particular case, is that i want to run it in a
> complete chroot jail, while retaining configurability by the user;
> clearly, it can't be running as root in this case)
>
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.rutgers.edu
> Please read the FAQ at http://www.tux.org/lkml/
>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Thu Mar 23 2000 - 21:00:37 EST