capabilities question(s)

[Gábor Lénárt]

Hi All,

I have the problem that I can't find too much informations about
capabilities implemented by the Linux kernel, and its usage. 
I even don't have header file sys/capability.h suggested by man
page of capget (on ubuntu, if it does count). However it's not the major
problem, as I've found example to use syscall() from sys/syscall.h and
stuffs in linux/capability.h. Well, ignore it, I've just found out
that I need libcap-dev to install. However the problem remains:

What I want to do: I need user to be able to do chroot() once, then I want
to drop that capability (to be safe?).  My program (a server) runs as root,
but after initialization it changes uid/gid (in a forked process).  However
I want to keep chroot capability even after the uid/gid change so I can do a
chroot() even as non-root.  It it possible at all? I need this so I feel
more secure not to run things as root, since I need to do many things before
I can call chroot(). So I guessed, it's more secure to use non-root user
to do these, before I can do chroot().

As far as I can see, I can set capability as root, but after uid/gid change,
I lost that capability, and - of course - I cannot set it as a user then.

Or should I use root user anyway, just drop all of the capabilities I don't
need just keep uid/gid change and chroot? Anyway, then I have the problem
that I am still root for the filesystem permission checks, and it's
something I don't want to do, because the things my server do before chroot
is not so secure ...

Any ideas are welcome.

Best regards,

Gábor
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/