Re: how to assign capabilities to specific process/user/group

From: Henrik Nordstrom <hno@dont-contact.us>
Date: 19 Feb 2003 14:39:06 +0100

On Wed 2003-02-19 at 17:40, atit_ldce wrote:
> I want to assign specific capabilities to the squid user created on my Linux machine.
>
> Specifically, I want to assign CAP_NET_ADMIN to the squid user so that I am able to run my modified squid.
>
> My modified squid uses the setsockopt function, which requires the CAP_NET_ADMIN capability to be present with the squid user.

This part of the Linux kernel is still a little immature.

The basic idea of the Linux capabilities system is that binaries should
be assigned certain capabilities by root.

Another method is for applications started as root to drop all privileges
except for what they need. The best source of information for this is the
Linux capabilities documentation included in libpcap. See man
cap_set_proc etc.

-- 
Henrik Nordstrom <hno@squid-cache.org>
MARA Systems AB, Sweden
Received on Wed Feb 19 2003 - 06:39:18 MST
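
The second approach from the reply above (start as root, then keep only what is needed), as an added example that is not code from the original message or from Squid. It is Linux-only and uses the raw capget/capset system calls instead of libcap's cap_set_proc so it builds without the library; the function names and the uid/gid 65534 are assumptions.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <linux/capability.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Read (set = 0) or write (set = 1) the calling process's capability sets. */
static int caps_rw(struct __user_cap_data_struct d[2], int set)
{
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    return (int)syscall(set ? SYS_capset : SYS_capget, &h, d);
}

/* 1 if cap is in the effective set, 0 if not, -1 on error. */
int has_effective(int cap)
{
    struct __user_cap_data_struct d[2];
    return caps_rw(d, 0) ? -1 : (int)((d[cap / 32].effective >> (cap % 32)) & 1);
}

/* Shrink permitted and effective to at most cap, and clear inheritable. */
int keep_only(int cap)
{
    struct __user_cap_data_struct d[2];
    if (caps_rw(d, 0) != 0) return -1;
    for (int i = 0; i < 2; i++) {
        d[i].permitted &= (i == cap / 32) ? (1u << (cap % 32)) : 0u;
        d[i].effective = d[i].permitted;
        d[i].inheritable = 0;
    }
    return caps_rw(d, 1);
}

/* Root start-up path: switch to uid/gid, retaining only cap. */
int drop_root_keep(uid_t uid, gid_t gid, int cap)
{
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) != 0) return -1; /* keep permitted across setuid */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0) return -1;
    return keep_only(cap); /* setuid cleared effective; re-raise only cap */
}

int main(void)
{
    /* Assumption: uid/gid 65534 stands in for the daemon's service account. */
    int rc = geteuid() ? keep_only(CAP_NET_ADMIN) : drop_root_keep(65534, 65534, CAP_NET_ADMIN);
    printf("rc=%d net_admin=%d sys_admin=%d\n", rc, has_effective(CAP_NET_ADMIN), has_effective(CAP_SYS_ADMIN));
    return rc != 0;
}
```

Run unprivileged, it only shrinks an already empty set; run as root, CAP_NET_ADMIN stays effective after the uid switch only if it was in the permitted set beforehand.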
