Taking Advantage of Linux Capabilities

Concentrating on user privileges to appease the security paranoid.

Capabilities can provide sophisticated, fine-grained access control over all aspects of a Linux system. At last, security paranoids will have some tools they so desperately need in their endless fight against “them”.


Michael Bacarella (mike@bacarella.com) is president of Netgraft Corporation, a firm specializing in web system development and information security analysis. He shares an apartment in New York with his wonderful fiancée and a most fearsome green iguana (the iguana's name is Kang.



Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Doesn't work for me.

Anonymous's picture

# execcap 'cap_net_raw=ep' /sbin/sucap nobody nobody /bin/ping www.yahoo.com
Caps: =ep cap_setpcap-ep
Caps: =
[debug] uid:65534, real uid:65534
sucaps: capsetp: Operation not permitted
sucap: child did not exit cleanly.