Re: Modifying kernel so that non-root users have some root capabilities

[Bill Davidsen]

Richard B. Johnson wrote:
> On Mon, 24 May 2004, Laughlin, Joseph V wrote:
>
>
> > (not sure if this is a duplicate or not.. Apologies in advance.)
> >
> > I've been tasked with modifying a 2.4 kernel so that a non-root user can
> > do the following:
> >
> > Dynamically change the priorities of processes (up and down)
> > Lock processes in memory
> > Can change process cpu affinity
> >
> > Anyone got any ideas about how I could start doing this?  (I'm new to
> > kernel development, btw.)
> >
> > Thanks,
>
>
> You don't modify an operating system to do that!! You just make
> a priviliged program (setuid) that does the things you want.

Dick, it's called capabilities, and people have already modified the 
operating system to do that, it just doesn't work quite as intended in 
some cases. Setuid is the keys to the kingdom, you really don't want to 
use setuid root unless there's no other way.

Remember when everything used to take the BKL? Then people saw a better 
way. Capabilities is the same kind of progression, save the big hammer 
for the big nail.

--
   -bill davidsen (davidsen@xxxxxxx)
"The secret to procrastination is to put things off until the
 last possible moment - but no longer"  -me
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/