how to assign capabilities to specific process/user
this is atit jariwala final semester student of be computer ldce ahd i want to assign specific capabilities to specific user or process i want this because i want my program that is using setsockopt call to run from other user then root and runnig of setscokopt requires CAP_NET_ADMIN assigned to the user and by default it is assigned to root user only and i want to assign this to specific user thanks _____________________________________________________________________ Get your internet connection from the fastest growing digital network. ICENET visit our site www.icenet.net
On Wednesday 19 Feb 2003 5:05 pm, atit_ldce wrote:
this is atit jariwala final semester student of be computer ldce ahd
i want to assign specific capabilities to specific user or process
i want this because i want my program that is using setsockopt call to run from other user then root
and runnig of setscokopt requires CAP_NET_ADMIN assigned to the user and by default it is assigned to root user only
and i want to assign this to specific user
thanks
I'm sure someone can correct me if I'm wrong, but I'd say that allowing a user other than root to use setsockopt is a bit dangerous. Would running the program so that it runs as root automatically be OK(which can be done with a script...I've never got it working myself. Could someone else help?) Could you go into more detail about the problem (like what the program is meant to do)? As there may be another way round the problem if you can tell us what you're trying to do... thanks, BenE
_____________________________________________________________________ Get your internet connection from the fastest growing digital network. ICENET visit our site www.icenet.net
_______________________________________________ main@lists.alug.org.uk http://www.alug.org.uk/ http://lists.alug.org.uk/mailman/listinfo/main Unsubscribe? See message headers or the web site above!
BenEBoy <mail@psychoferret.freeserve.co.uk> writes:
On Wednesday 19 Feb 2003 5:05 pm, atit_ldce wrote:
i want to assign specific capabilities to specific user or process
i want this because i want my program that is using setsockopt call to run from other user then root
and runnig of setscokopt requires CAP_NET_ADMIN assigned to the user and by default it is assigned to root user only
and i want to assign this to specific user
I believe you need the libcap package/packages.
I'm sure someone can correct me if I'm wrong, but I'd say that allowing a user other than root to use setsockopt is a bit dangerous.
Not at all. Most setsockopt calls are quite safe for ordinary users to use, and they are indeed allowed to user them, and in some cases _have_ to use them to get sensible behaviour (e.g. SO_REUSEADDR). Some do require extra privilege of some sort, however, and presumably the OP wants to use one of those. -- http://www.greenend.org.uk/rjk/
participants (3)
-
atit_ldce -
BenEBoy -
Richard Kettlewell