RE: Modifying kernel so that non-root users have some root capabilities

[Laughlin, Joseph V]

> -----Original Message-----
> From: Bill Davidsen [mailto:davidsen@xxxxxxx] 
> Sent: Tuesday, May 25, 2004 11:14 AM
> To: root@xxxxxxxxxxxxxxxxxx
> Cc: Laughlin, Joseph V; linux-kernel@xxxxxxxxxxxxxxx
> Subject: Re: Modifying kernel so that non-root users have 
> some root capabilities
> 
> 
> Richard B. Johnson wrote:
> > On Mon, 24 May 2004, Laughlin, Joseph V wrote:
> > 
> > 
> >>(not sure if this is a duplicate or not.. Apologies in advance.)
> >>
> >>I've been tasked with modifying a 2.4 kernel so that a 
> non-root user 
> >>can do the following:
> >>
> >>Dynamically change the priorities of processes (up and down) Lock 
> >>processes in memory Can change process cpu affinity
> >>
> >>Anyone got any ideas about how I could start doing this?  
> (I'm new to 
> >>kernel development, btw.)
> >>
> >>Thanks,
> > 
> > 
> > You don't modify an operating system to do that!! You just make a 
> > priviliged program (setuid) that does the things you want.
> 
> Dick, it's called capabilities, and people have already modified the 
> operating system to do that, it just doesn't work quite as 
> intended in 
> some cases. Setuid is the keys to the kingdom, you really 
> don't want to 
> use setuid root unless there's no other way.
> 
> Remember when everything used to take the BKL? Then people 
> saw a better 
> way. Capabilities is the same kind of progression, save the 
> big hammer 
> for the big nail.
> 

In what cases does changing the capabilities not have the intended
effects?

Thanks,
Joe 
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/