On Wed, Jul 20, 2005 at 12:10:16 -0400, Rosenstrauch, David wrote:
> > But capability as module isn't needed anymore for realtime
> > issues.
> >
> > Long explanation, I hope it clears things a bit.
> >
> > -tobbi
>
> Some (and thanks for the detailed explanation), but not completely:
>
> So then why did vsftpd break if I didn't have the capability module loaded?

Hm, I left that out hoping you wouldn't ask :P

Please note I'm not a kernel guru. From what I understand vsftp is running as root and forks a process owned by nobody/ftp/<username> (depends on login way anonymous/user/chrooted user etc.) and these processes are forked as root and reset per setuid() to the other user. This goes along with limited capabilities (limited nice values etc.). Vsftp achieves that by the prctl() function, which is part of the capabilities code.

Maybe this http://www.ussg.iu.edu/hypermail/linux/kernel/0406.3/0697.html helps on understanding. Very geeky stuff though.

-tobbi

_______________________________________________
arch mailing list
[email protected]
http://www.archlinux.org/mailman/listinfo/arch
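
A way to check the outcome described in the message above, as an added example that is not part of the original post or of vsftpd's code: it parses a `/proc/<pid>/status` excerpt and reports whether a process has left root and kept only an allow-listed set of capabilities. The sample text, the allow-list (CAP_CHOWN and CAP_NET_BIND_SERVICE) and the names `field` and `audit_status` are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CAP_BIT(n) (UINT64_C(1) << (n))
/* Assumed allow-list for this example: CAP_CHOWN (0), CAP_NET_BIND_SERVICE (10). */
#define ALLOWED_CAPS (CAP_BIT(0) | CAP_BIT(10))
enum verdict { DROPPED_OK, STILL_ROOT, EXCESS_CAPS, PARSE_ERROR };

/* Constructed /proc/<pid>/status excerpts, not captured from a real host. */
static const char SAMPLE_OK[] =    /* uid 99, only the two allowed capabilities */
    "Name:\tvsftpd\nUid:\t99\t99\t99\t99\nCapPrm:\t0000000000000401\nCapEff:\t0000000000000401\n";
static const char SAMPLE_FULL[] =  /* uid 99 but every capability kept */
    "Name:\tvsftpd\nUid:\t99\t99\t99\t99\nCapPrm:\t000001ffffffffff\nCapEff:\t000001ffffffffff\n";
static const char SAMPLE_SAVED[] = /* saved uid is still 0, so root can be regained */
    "Name:\tvsftpd\nUid:\t99\t99\t0\t99\nCapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n";

/* Return a pointer just past `key` where it starts a line, or NULL. */
static const char *field(const char *s, const char *key)
{
    size_t n = strlen(key);
    while (s && *s) {
        if (strncmp(s, key, n) == 0) return s + n;
        s = strchr(s, '\n');
        if (s) s++;
    }
    return NULL;
}

/* Judge whether a process has left root and holds only `allowed` capabilities. */
static enum verdict audit_status(const char *status, uint64_t allowed)
{
    const char *uid = field(status, "Uid:");
    const char *prm = field(status, "CapPrm:"), *eff = field(status, "CapEff:");
    unsigned u[4];                 /* real, effective, saved, filesystem uid */
    unsigned long long p, e;
    if (!uid || !prm || !eff ||
        sscanf(uid, "%u %u %u %u", &u[0], &u[1], &u[2], &u[3]) != 4 ||
        sscanf(prm, "%llx", &p) != 1 || sscanf(eff, "%llx", &e) != 1)
        return PARSE_ERROR;
    if (!u[0] || !u[1] || !u[2] || !u[3]) return STILL_ROOT;
    return ((p | e) & ~allowed) ? EXCESS_CAPS : DROPPED_OK;
}

int main(void)
{
    printf("%d %d %d\n", audit_status(SAMPLE_OK, ALLOWED_CAPS),
           audit_status(SAMPLE_FULL, ALLOWED_CAPS), audit_status(SAMPLE_SAVED, ALLOWED_CAPS));
    return 0;
}
```

On a live system the same function can be fed the contents of `/proc/<pid>/status` for each child of the daemon.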
