Changeset 3706c7fe for postlfs/security/libcap.xml
- Timestamp:
- 05/24/2019 03:18:24 AM (5 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 9.0, 9.1, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- 274a82e9
- Parents:
- 9da30c5
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
postlfs/security/libcap.xml
r9da30c5 r3706c7fe 88 88 </sect2> 89 89 90 <sect2 role="configuration"> 91 <title>Configuring Libcap</title> 92 93 <para>In order to allow <application>Linux-PAM</application> to grant 94 privileges based on POSIX capabilites, you need to add the libcap module 95 to the begining of the <filename>/etc/pam.d/system-auth</filename> file. 96 Make the required edits with the following commands:</para> 97 98 <screen role="root"><userinput>mv -v /etc/pam.d/system-auth{,.bak} && 99 cat > /etc/pam.d/system-auth << "EOF" && 100 # Begin /etc/pam.d/system-auth 101 102 auth optional pam_cap.so 103 EOF 104 tail -n +3 /etc/pam.d/system-auth.bak << /etc/pam.d/system-auth</userinput></screen> 105 106 <para>Additonally, you'll need to modify the 107 <filename>/etc/security/capability.conf</filename> file to grant necessary 108 privileges to users, and utilize the <application>setcap</application> 109 utiltiy to set capabilities on specific utilities as needed. See 110 <command>man 8 setcap</command> and <command>man 3 cap_from_text</command> 111 for additional information.</para> 112 113 </sect2> 114 90 115 <sect2 role="content"> 91 116 <title>Contents</title>
Note:
See TracChangeset
for help on using the changeset viewer.