> Hi!
>
> > I have an idea for a program which I would call scap (in
> > the spirit of sg amd su). I'm mainly trying to work out
> > if such a program exists already and if not, ideas on
> > how it would work.
> >
> > I was thinking to have a file (maybe /etc/caps) that would
> > look like the password file but explains what caps that user
> > has. for example:
> >
> > root:SYSADMIN,NETRAW,etc...
> > myuser:NETRAW...
> >
> > These users could then use the scap program to get these
> > capabilities when they need them. This could either be done
> > by scap spawning a shell with the new capability or using
> > CAP_SETPCAP to change the capabilities of its parent.
>
> I like this. It makes something like my old elf-capabilities-hack
> possible, with bit more work.
Have a look at Irix. I suggest you imitate that behaviour straight off;
it seems to be a pretty nice implementation.
/etc/capabilities on some recently new SGI-machine sporting Irix.
/David
_ _
// David Weinehall <tao@acc.umu.se> /> Northern lights wander \\
// Project MCA Linux hacker // Dance across the winter sky //
\> http://www.acc.umu.se/~tao/ </ Full colour fire </
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/