Re: Modifying kernel so that non-root users have some root capabilities
From: Bill Davidsen
Date: Tue May 25 2004 - 13:19:33 EST
Richard B. Johnson wrote:
On Mon, 24 May 2004, Laughlin, Joseph V wrote:
(not sure if this is a duplicate or not.. Apologies in advance.)
I've been tasked with modifying a 2.4 kernel so that a non-root user can
do the following:
Dynamically change the priorities of processes (up and down)
Lock processes in memory
Can change process cpu affinity
Anyone got any ideas about how I could start doing this? (I'm new to
kernel development, btw.)
Thanks,
You don't modify an operating system to do that!! You just make
a priviliged program (setuid) that does the things you want.
Dick, it's called capabilities, and people have already modified the
operating system to do that, it just doesn't work quite as intended in
some cases. Setuid is the keys to the kingdom, you really don't want to
use setuid root unless there's no other way.
Remember when everything used to take the BKL? Then people saw a better
way. Capabilities is the same kind of progression, save the big hammer
for the big nail.
--
-bill davidsen (davidsen@xxxxxxx)
"The secret to procrastination is to put things off until the
last possible moment - but no longer" -me
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/