I think this is all of them, and the minimal capabilities possible:

chmod -v -s /bin/ping
setcap cap_net_raw=ep /bin/ping
chmod -v -s /bin/ping6
setcap cap_net_raw=ep /bin/ping6

chmod -v -s /usr/bin/chage
setcap CAP_DAC_READ_SEARCH=ep /usr/bin/chage

chmod -v -s /usr/bin/chfn
setcap CAP_CHOWN,CAP_DAC_READ_SEARCH,CAP_SETUID=ep /usr/bin/chfn

chmod -v -s /usr/bin/chsh
setcap CAP_CHOWN,CAP_DAC_READ_SEARCH,CAP_SETUID=ep /usr/bin/chsh

chmod -v -s /bin/passwd
setcap CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_SETUID=ep /bin/passwd

# /bin/su may want CAP_SYS_TTY_CONFIG and CAP_SYS_RESOURCE,
# depending how you use /bin/su.
chmod -v -s /bin/su
setcap CAP_DAC_READ_SEARCH,CAP_SETUID,CAP_SETGID=ep /bin/su

chmod -v -s /usr/bin/newgrp
setcap CAP_SETGID=ep /usr/bin/newgrp

chmod -v -s /bin/mount
setcap CAP_SYS_ADMIN=ep /bin/mount
chmod -v -s /bin/umount
setcap CAP_SYS_ADMIN=ep /bin/umount

robert

-- 
http://linuxfromscratch.org/mailman/listinfo/hlfs-dev
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page
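
Added example (not part of the original post or of the HLFS project): a shell check that a converted binary has lost its setuid/setgid bit and carries exactly the capability set listed in the message above. The function names are hypothetical; the parser accepts both getcap output styles (older "path = caps+ep", newer "path caps=ep"), and audit_file assumes GNU stat and libcap's getcap are installed.

```shell
#!/bin/sh
# Audit helper for the setuid -> file-capability conversion (added example).

# Canonicalise a capability clause: lowercase, '+' -> '=', names sorted, so
# "CAP_SETUID,CAP_CHOWN=ep" and "cap_chown,cap_setuid+ep" compare equal.
norm_caps() {
    clause=$(printf '%s' "$1" | tr 'A-Z' 'a-z' | tr '+' '=')
    names=${clause%%=*}
    flags=${clause#*=}
    sorted=$(printf '%s\n' "$names" | tr ',' '\n' | sort | paste -sd, -)
    printf '%s=%s\n' "$sorted" "$flags"
}

# The capability clause is the last field of a getcap line in both styles.
caps_from_getcap() {
    printf '%s\n' "${1##* }"
}

# Succeeds if an octal mode (as printed by `stat -c %a`) has setuid or setgid.
has_suid_sgid() {
    mode=$1
    [ "${#mode}" -ge 4 ] || return 1
    special=${mode%???}          # leading digit: 4=setuid, 2=setgid, 1=sticky
    [ $(( ${special} & 6 )) -ne 0 ]
}

# check_entry PATH MODE GETCAP_LINE EXPECTED: print a verdict, return 0 if OK.
check_entry() {
    path=$1; mode=$2; line=$3; want=$(norm_caps "$4")
    if has_suid_sgid "$mode"; then
        echo "FAIL $path: mode $mode still has setuid/setgid"; return 1
    fi
    if [ -z "$line" ]; then
        echo "FAIL $path: no file capabilities set"; return 1
    fi
    have=$(norm_caps "$(caps_from_getcap "$line")")
    if [ "$have" != "$want" ]; then
        echo "FAIL $path: have $have, want $want"; return 1
    fi
    echo "OK   $path $have"
}

# audit_file PATH EXPECTED: gather live data and check it.
# Example call: audit_file /bin/ping cap_net_raw=ep
audit_file() {
    check_entry "$1" "$(stat -c %a "$1")" "$(getcap "$1")" "$2"
}
```

Run audit_file once per binary after the conversion and again after package upgrades, since a reinstalled binary can come back setuid and without its capabilities.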