Wed 2003-02-19 at 17:40, atit_ldce wrote:

> I want to assign specific capabilities to user squid user create on my linux m/c.
>
> Specially I want to assign CAP_NET_ADMIN to squid user so that I am able to run my
> modified squid.
>
> My modified squid is using setsockopt function which requires CAP_NET_ADMIN
> capability to be present with user squid.

This part of the Linux kernel is still a little immature.

The basic idea of the Linux capabilities system is that binaries should be assigned certain capabilities by root.

Another method is for applications started as root to drop all privileges except for what they need.

The best source of information for this is the Linux capabilities documentation included in libpcap. See man cap_set_proc etc.

--
Henrik Nordstrom <[EMAIL PROTECTED]>
MARA Systems AB, Sweden
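
The second method in the reply (start as root, then drop everything except what is needed), sketched as an added example that is not part of the original message or of Squid's code. It calls capset(2) directly through the kernel headers instead of libcap's cap_set_proc so it builds without extra libraries; the function names and the uid/gid 65534 are assumptions.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <linux/capability.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/* capset(2) v3 payload: two 32-bit words per set (caps 0-31 and 32-63). */
struct cap_payload { struct __user_cap_data_struct d[2]; };

/* Hypothetical helper: payload with only `cap` permitted and effective. */
struct cap_payload only_cap(int cap)
{
    struct cap_payload p;
    memset(&p, 0, sizeof p);
    if (cap < 0 || cap > 63) return p;           /* out of range: grant nothing */
    p.d[cap >> 5].permitted = 1u << (cap & 31);
    p.d[cap >> 5].effective = 1u << (cap & 31);
    return p;                                     /* inheritable stays empty */
}

/* Hypothetical helper: started as root, end as uid/gid holding only `cap`. */
int drop_root_keep_cap(uid_t uid, gid_t gid, int cap)
{
    struct __user_cap_header_struct h = { .version = _LINUX_CAPABILITY_VERSION_3, .pid = 0 };
    struct cap_payload p = only_cap(cap);

    /* Without this the permitted set is wiped when the uid leaves 0. */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) != 0) return -1;
    if (setgroups(0, NULL) != 0) return -1;       /* shed root's supplementary groups */
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    /* setuid cleared the effective set; re-raise `cap` and drop the rest. */
    if (syscall(SYS_capset, &h, p.d) != 0) return -1;
    if (setuid(0) == 0) return -1;                /* regaining root must now fail */
    return 0;
}

int main(void)
{
    /* 65534 is a constructed placeholder for the service account's uid/gid. */
    if (drop_root_keep_cap(65534, 65534, CAP_NET_ADMIN) != 0) {
        perror("drop_root_keep_cap");
        return 1;
    }
    puts("running unprivileged with CAP_NET_ADMIN only");
    return 0;
}
```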
