-----Original Message-----
From: Bill Davidsen [mailto:davidsen@xxxxxxx] Sent: Tuesday, May 25, 2004 11:14 AM
To: root@xxxxxxxxxxxxxxxxxx
Cc: Laughlin, Joseph V; linux-kernel@xxxxxxxxxxxxxxx
Subject: Re: Modifying kernel so that non-root users have some root capabilities
Richard B. Johnson wrote:
On Mon, 24 May 2004, Laughlin, Joseph V wrote:
(not sure if this is a duplicate or not.. Apologies in advance.)
I've been tasked with modifying a 2.4 kernel so that a
non-root user
can do the following:
Dynamically change the priorities of processes (up and down) Lock processes in memory Can change process cpu affinity
Anyone got any ideas about how I could start doing this?
(I'm new to
kernel development, btw.)
Thanks,
You don't modify an operating system to do that!! You just make a priviliged program (setuid) that does the things you want.
Dick, it's called capabilities, and people have already modified the operating system to do that, it just doesn't work quite as intended in some cases. Setuid is the keys to the kingdom, you really don't want to use setuid root unless there's no other way.
Remember when everything used to take the BKL? Then people saw a better way. Capabilities is the same kind of progression, save the big hammer for the big nail.
In what cases does changing the capabilities not have the intended
effects?