Changeset 3706c7f


Ignore:
Timestamp:
05/24/2019 03:18:24 AM (2 years ago)
Author:
DJ Lucas <dj@…>
Branches:
10.0, 10.1, 11.0, 9.0, 9.1, ken/refactor-virt, lazarus, qt5new, trunk, xry111/git-date, xry111/git-date-for-trunk, xry111/git-date-test
Children:
274a82e
Parents:
9da30c5
Message:

Add Linux-PAM configuration for libcap.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@21620 af4574ff-66df-0310-9fd7-8a98e5e911e0

Files:
3 edited

Legend:

Unmodified
Added
Removed
  • general.ent

    r9da30c5 r3706c7f  
    11<!-- $LastChangedBy$ $Date$ -->
    22
    3 <!ENTITY day          "21">                   <!-- Always 2 digits -->
     3<!ENTITY day          "24">                   <!-- Always 2 digits -->
    44<!ENTITY month        "05">                   <!-- Always 2 digits -->
    55<!ENTITY year         "2019">
     
    77<!ENTITY copyholder   "The BLFS Development Team">
    88<!ENTITY version      "&year;-&month;-&day;">
    9 <!ENTITY releasedate  "May 21st, &year;">
     9<!ENTITY releasedate  "May 24th, &year;">
    1010<!ENTITY pubdate      "&year;-&month;-&day;"> <!-- metadata req. by TLDP -->
    1111<!ENTITY blfs-version "svn">                  <!-- svn|[release #] -->
  • introduction/welcome/changelog.xml

    r9da30c5 r3706c7f  
    4242    </listitem>
    4343    -->
     44    <listitem>
     45      <para>May 24th, 2019</para>
     46      <itemizedlist>
     47        <listitem>
     48          <para>[dj] - Add Linux-PAM configuration for libcap.</para>
     49        </listitem>
     50      </itemizedlist>
     51    </listitem>
     52
    4453    <listitem>
    4554      <para>May 21st, 2019</para>
  • postlfs/security/libcap.xml

    r9da30c5 r3706c7f  
    8888  </sect2>
    8989
     90  <sect2 role="configuration">
     91    <title>Configuring Libcap</title>
     92
     93    <para>In order to allow <application>Linux-PAM</application> to grant
     94    privileges based on POSIX capabilites, you need to add the libcap module
     95    to the begining of the <filename>/etc/pam.d/system-auth</filename> file.
     96    Make the required edits with the following commands:</para>
     97
     98<screen role="root"><userinput>mv -v /etc/pam.d/system-auth{,.bak} &amp;&amp;
     99cat &gt; /etc/pam.d/system-auth &lt;&lt; "EOF" &amp;&amp;
     100# Begin /etc/pam.d/system-auth
     101
     102auth      optional    pam_cap.so
     103EOF
     104tail -n +3 /etc/pam.d/system-auth.bak &lt;&lt; /etc/pam.d/system-auth</userinput></screen>
     105
     106    <para>Additonally, you'll need to modify the
     107    <filename>/etc/security/capability.conf</filename> file to grant necessary
     108    privileges to users, and utilize the <application>setcap</application>
     109    utiltiy to set capabilities on specific utilities as needed. See
     110    <command>man 8 setcap</command> and <command>man 3 cap_from_text</command>
     111    for additional information.</para>
     112 
     113  </sect2>
     114
    90115  <sect2 role="content">
    91116    <title>Contents</title>
Note: See TracChangeset for help on using the changeset viewer.