Taking Advantage of Linux Capabilities

Concentrating on user privileges to appease the security paranoid.
Conclusion

Capabilities can provide sophisticated, fine-grained access control over all aspects of a Linux system. At last, security paranoids will have some tools they so desperately need in their endless fight against “them”.

Resources

Michael Bacarella (mike@bacarella.com) is president of Netgraft Corporation, a firm specializing in web system development and information security analysis. He shares an apartment in New York with his wonderful fiancée and a most fearsome green iguana (the iguana's name is Kang.

______________________

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Doesn't work for me.

Anonymous's picture

# execcap 'cap_net_raw=ep' /sbin/sucap nobody nobody /bin/ping www.yahoo.com
Caps: =ep cap_setpcap-ep
Caps: =
[debug] uid:65534, real uid:65534
sucaps: capsetp: Operation not permitted
sucap: child did not exit cleanly.

Geek Guide
The DevOps Toolbox

Tools and Technologies for Scale and Reliability
by Linux Journal Editor Bill Childers

Get your free copy today

Sponsored by IBM

Webcast
8 Signs You're Beyond Cron

Scheduling Crontabs With an Enterprise Scheduler
On Demand
Moderated by Linux Journal Contributor Mike Diehl

Sign up and watch now

Sponsored by Skybot