Changeset 3706c7fe for postlfs/security/libcap.xml

Timestamp:

05/24/2019 03:18:24 AM (5 years ago)

Author:

DJ Lucas <dj@…>

Branches:

10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 9.0, 9.1, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

274a82e9

Parents:

9da30c5

Message:

Add Linux-PAM configuration for libcap.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@21620 af4574ff-66df-0310-9fd7-8a98e5e911e0

File:

• postlfs/security/libcap.xml (modified) (1 diff)

postlfs/security/libcap.xml

@@ -88 +88 @@
   </sect2>
 
+  <sect2 role="configuration">
+    <title>Configuring Libcap</title>
+
+    <para>In order to allow <application>Linux-PAM</application> to grant
+    privileges based on POSIX capabilites, you need to add the libcap module
+    to the begining of the <filename>/etc/pam.d/system-auth</filename> file.
+    Make the required edits with the following commands:</para>
+
+<screen role="root"><userinput>mv -v /etc/pam.d/system-auth{,.bak} &amp;&amp;
+cat &gt; /etc/pam.d/system-auth &lt;&lt; "EOF" &amp;&amp;
+# Begin /etc/pam.d/system-auth
+
+auth      optional    pam_cap.so
+EOF
+tail -n +3 /etc/pam.d/system-auth.bak &lt;&lt; /etc/pam.d/system-auth</userinput></screen>
+
+    <para>Additonally, you'll need to modify the
+    <filename>/etc/security/capability.conf</filename> file to grant necessary
+    privileges to users, and utilize the <application>setcap</application>
+    utiltiy to set capabilities on specific utilities as needed. See
+    <command>man 8 setcap</command> and <command>man 3 cap_from_text</command>
+    for additional information.</para>
+ 
+  </sect2>
+
   <sect2 role="content">
     <title>Contents</title>