source: postlfs/security/libcap.xml@ df0e196

10.0 10.1 11.0 ken/refactor-virt lazarus qt5new trunk xry111/git-date xry111/git-date-for-trunk xry111/git-date-test
Last change on this file since df0e196 was df0e196, checked in by Bruce Dubbs <bdubbs@…>, 15 months ago

Update to gcc-10.2.0.
Update to libcap-2.42.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@23459 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 4.8 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY libcap-download-http "&kernel-dl;/linux/libs/security/linux-privs/libcap2/libcap-&libcap-version;.tar.xz">
8 <!ENTITY libcap-download-ftp " ">
9 <!ENTITY libcap-md5sum "f22cd619e04ae7b88a6a0c109b9523eb">
10 <!ENTITY libcap-size "140 KB">
11 <!ENTITY libcap-buildsize "1.3 MB">
12 <!ENTITY libcap-time "less than 0.1 SBU">
13]>
14
15<sect1 id="libcap-pam" xreflabel="libcap-&libcap-version; with PAM">
16 <?dbhtml filename="libcap.html"?>
17
18 <sect1info>
19 <othername>$LastChangedBy$</othername>
20 <date>$Date$</date>
21 </sect1info>
22
23 <title>libcap-&libcap-version; with PAM</title>
24
25 <indexterm zone="libcap-pam">
26 <primary sortas="a-libcap-pam">libcap</primary>
27 </indexterm>
28
29 <sect2 role="package">
30 <title>Introduction to libcap with PAM</title>
31
32 <para>
33 The <application>libcap</application> package was installed in
34 LFS, but if <application>Linux-PAM</application> support is desired,
35 the PAM module must be built (after installation of
36 <application>Linux-PAM</application>).
37 </para>
38
39 &lfs91_checked;
40
41 <bridgehead renderas="sect3">Package Information</bridgehead>
42 <itemizedlist spacing="compact">
43 <listitem>
44 <para>
45 Download (HTTP): <ulink url="&libcap-download-http;"/>
46 </para>
47 </listitem>
48 <listitem>
49 <para>
50 Download (FTP): <ulink url="&libcap-download-ftp;"/>
51 </para>
52 </listitem>
53 <listitem>
54 <para>
55 Download MD5 sum: &libcap-md5sum;
56 </para>
57 </listitem>
58 <listitem>
59 <para>
60 Download size: &libcap-size;
61 </para>
62 </listitem>
63 <listitem>
64 <para>
65 Estimated disk space required: &libcap-buildsize;
66 </para>
67 </listitem>
68 <listitem>
69 <para>
70 Estimated build time: &libcap-time;
71 </para>
72 </listitem>
73 </itemizedlist>
74
75 <bridgehead renderas="sect3">libcap Dependencies</bridgehead>
76
77 <bridgehead renderas="sect4">Required</bridgehead>
78 <para role="required">
79 <xref linkend="linux-pam"/>
80 </para>
81
82 <para condition="html" role="usernotes">User Notes:
83 <ulink url="&blfs-wiki;/libcap"/></para>
84
85 </sect2>
86
87 <sect2 role="installation">
88 <title>Installation of libcap</title>
89
90 <note>
91 <para>
92 If you are upgrading libcap from a previous version, use the
93 instructions in
94 <ulink url="&lfs-root;/chapter08/libcap.html">
95 LFS libcap page
96 </ulink> to upgrade libcap. If <xref linkend="linux-pam"/> has been
97 built, the PAM module will automatically be built too.
98 </para>
99 </note>
100
101 <para>
102 Install <application>libcap</application> by running the following
103 commands:
104 </para>
105
106<screen><userinput>make -C pam_cap</userinput></screen>
107
108 <para>
109 This package does not come with a test suite.
110 </para>
111
112 <para>
113 Now, as the <systemitem class="username">root</systemitem> user:
114 </para>
115
116<screen role="root"><userinput>install -v -m755 pam_cap/pam_cap.so /lib/security &amp;&amp;
117install -v -m644 pam_cap/capability.conf /etc/security</userinput></screen>
118
119 </sect2>
120
121 <sect2 role="configuration">
122 <title>Configuring Libcap</title>
123
124 <para>
125 In order to allow <application>Linux-PAM</application> to grant
126 privileges based on POSIX capabilites, you need to add the libcap module
127 to the begining of the <filename>/etc/pam.d/system-auth</filename> file.
128 Make the required edits with the following commands:
129 </para>
130
131<screen role="root"><userinput>mv -v /etc/pam.d/system-auth{,.bak} &amp;&amp;
132cat &gt; /etc/pam.d/system-auth &lt;&lt; "EOF" &amp;&amp;
133<literal># Begin /etc/pam.d/system-auth
134
135auth optional pam_cap.so</literal>
136EOF
137tail -n +3 /etc/pam.d/system-auth.bak &gt;&gt; /etc/pam.d/system-auth</userinput></screen>
138
139 <para>
140 Additonally, you'll need to modify the
141 <filename>/etc/security/capability.conf</filename> file to grant
142 necessary privileges to users, and utilize the <command>setcap</command>
143 utility to set capabilities on specific utilities as needed. See
144 <command>man 8 setcap</command> and
145 <command>man 3 cap_from_text</command> for additional information.
146 </para>
147
148 </sect2>
149
150 <sect2 role="content">
151 <title>Contents</title>
152
153 <segmentedlist>
154 <segtitle>Installed Programs</segtitle>
155 <segtitle>Installed Library</segtitle>
156 <segtitle>Installed Directories</segtitle>
157
158 <seglistitem>
159 <seg>None</seg>
160 <seg>pam_cap.so</seg>
161 <seg>None</seg>
162 </seglistitem>
163 </segmentedlist>
164
165 </sect2>
166
167</sect1>
Note: See TracBrowser for help on using the repository browser.