From man:capabilities(7): "Capabilities are a per-thread attribute."
I don't think you can grant any capability to a user. A workaround for what you want is to write a little executable that only execvp's bash (or whatever shell you use), grant that executable CAP_NET_RAW, and then set it as default shell with usermod.

Regards.

On Tue, Dec 10, 2013 at 12:16 PM, Grant Edwards <grant.b.edwa...@gmail.com> wrote:
> How do you grant a capability (e.g. CAP_NET_RAW) to a user?
>
> I've been googling and have found countless articles and blog posts
> explaining what each capability is and how to grant capabilities to an
> executable file. While granting the capability to an executable does
> work, that's not what I need to do for a couple different reasons.
>
> I need to grant the capability to a user, not to the executable.
>
> There were a couple vague references implying that you can configure
> "login to grant the desired capabilities" when a user logs in, but
> I've not found any documentation on how to do that.
>
> I've tried editing /etc/security/capability.conf and adding the line
>
>   cap_net_raw <username>
>
> But, that doesn't seem to have any effect (yes, I logged out and back
> in again).
>
> --
> Grant Edwards   grant.b.edwards   Yow! Mary Tyler Moore's
>                 at                SEVENTH HUSBAND is wearing
>                 gmail.com         my DACRON TANK TOP in a
>                                   cheap hotel in HONOLULU!

--
Canek Peláez Valdés
Posgrado en Ciencia e Ingeniería de la Computación
Universidad Nacional Autónoma de México
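
The execve() rules from capabilities(7), the man page cited at the top of the reply, modelled as an added example that is not part of the original message: it traces CAP_NET_RAW across exec for a file-capability wrapper, for a login session holding the capability in its inheritable set (the set pam_cap(8) fills from capability.conf), and for a wrapper that raises it as ambient. All class and function names are constructed for the illustration; the ambient case assumes Linux 4.3 or later, and only a non-root thread is modelled.

```python
# Added example: model of the execve() capability rules in capabilities(7)
# for a non-root thread. Class and function names are constructed here.
from dataclasses import dataclass

NET_RAW = frozenset({"cap_net_raw"})
NONE = frozenset()

@dataclass(frozen=True)
class Thread:
    permitted: frozenset = NONE
    inheritable: frozenset = NONE
    effective: frozenset = NONE
    ambient: frozenset = NONE
    bounding: frozenset = NET_RAW   # constructed: only this capability is tracked

@dataclass(frozen=True)
class File:
    permitted: frozenset = NONE
    inheritable: frozenset = NONE
    effective: bool = False         # the file "effective" set is a single bit
    setid: bool = False             # set-user-ID / set-group-ID bit

def execve(t: Thread, f: File) -> Thread:
    # A "privileged" file has capabilities or a set-ID bit; it clears ambient.
    privileged = bool(f.permitted or f.inheritable or f.setid)
    ambient = NONE if privileged else t.ambient
    permitted = (t.inheritable & f.inheritable) | (f.permitted & t.bounding) | ambient
    effective = permitted if f.effective else ambient
    return Thread(permitted, t.inheritable, effective, ambient, t.bounding)

PLAIN = File()  # constructed: a shell or tool with no file capabilities

def wrapper_then_shell():
    # Wrapper installed with cap_net_raw+ep, which then execs an ordinary shell.
    wrapper = execve(Thread(), File(permitted=NET_RAW, effective=True))
    return wrapper, execve(wrapper, PLAIN)

def login_inheritable(tool: File) -> Thread:
    # Session that holds cap_net_raw only in its inheritable set.
    return execve(Thread(inheritable=NET_RAW), tool)

def ambient_shell():
    # Wrapper that raised cap_net_raw as ambient before the exec (Linux 4.3+).
    shell = execve(Thread(NET_RAW, NET_RAW, NET_RAW, NET_RAW), PLAIN)
    return shell, execve(shell, PLAIN)   # the shell, then a child it starts

if __name__ == "__main__":
    print("wrapper -> shell      :", sorted(wrapper_then_shell()[1].effective))
    print("inheritable, plain    :", sorted(login_inheritable(PLAIN).effective))
    print("inheritable, +ei tool :", sorted(login_inheritable(
        File(inheritable=NET_RAW, effective=True)).effective))
    print("ambient shell, child  :", [sorted(t.effective) for t in ambient_shell()])
```

In the ambient case the capability reaches every program the shell starts, which is the scope to weigh before making such a wrapper a login shell.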