> Not for logins, simply per-user capabilities.
> Either you can do something or you cannot.
> If you do not have the capability to do something
> you need a program that is SUID to a user who can
> in order to do it.
Are you thinking about having in-kernel table of user caps?
Not a good idea, IMHO.
Think of groups - users are usually in groups, but suid (non-root)
processes are still in caller's group(s), unless g+s is also set.
If you don't have some capability, you don't need u+s program.
You need a program with the capability set.
> > Per-file capabilities for use by root. (easy)
> > Per-file capabilities for everyone. (hard, and for ext2 only)
Of course, for ext2. I don't want caps in NFS or something else unaware
of it - I have a machine with 2.2 kernel with user accounts, and it seems
reasonable to grant some users some caps. But this machine serves as
a NFS server for a number of 2.0 kernel machines - I don't want the users
to gain root priviledges on those machines.
I would rather prefer caps in fs rather than unsecure root u+s hacks.
-- Krzysztof Halasa Network Administrator of The Palace of Youth in Warsaw- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/