Changeset 47274444 for postlfs/security/libcap.xml
- Timestamp:
- 03/24/2020 07:19:44 PM (4 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- fa3edfef
- Parents:
- 914049f6
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
postlfs/security/libcap.xml
r914049f6 r47274444 30 30 <title>Introduction to libcap with PAM</title> 31 31 32 <para>The <application>libcap</application> package was installed in 33 LFS, but if <application>Linux-PAM</application> support is desired, 34 the PAM module must be built (after installation of 35 <application>Linux-PAM</application>).</para> 32 <para> 33 The <application>libcap</application> package was installed in 34 LFS, but if <application>Linux-PAM</application> support is desired, 35 the PAM module must be built (after installation of 36 <application>Linux-PAM</application>). 37 </para> 36 38 37 39 &lfs91_checked; … … 40 42 <itemizedlist spacing="compact"> 41 43 <listitem> 42 <para>Download (HTTP): <ulink url="&libcap-download-http;"/></para> 44 <para> 45 Download (HTTP): <ulink url="&libcap-download-http;"/> 46 </para> 43 47 </listitem> 44 48 <listitem> 45 <para>Download (FTP): <ulink url="&libcap-download-ftp;"/></para> 49 <para> 50 Download (FTP): <ulink url="&libcap-download-ftp;"/> 51 </para> 46 52 </listitem> 47 53 <listitem> 48 <para>Download MD5 sum: &libcap-md5sum;</para> 54 <para> 55 Download MD5 sum: &libcap-md5sum; 56 </para> 49 57 </listitem> 50 58 <listitem> 51 <para>Download size: &libcap-size;</para> 59 <para> 60 Download size: &libcap-size; 61 </para> 52 62 </listitem> 53 63 <listitem> 54 <para>Estimated disk space required: &libcap-buildsize;</para> 64 <para> 65 Estimated disk space required: &libcap-buildsize; 66 </para> 55 67 </listitem> 56 68 <listitem> 57 <para>Estimated build time: &libcap-time;</para> 69 <para> 70 Estimated build time: &libcap-time; 71 </para> 58 72 </listitem> 59 73 </itemizedlist> … … 75 89 76 90 <note> 77 <para>If you are upgrading libcap from a previous version, use the 78 instructions in 79 <ulink url="../../../../lfs/view/development/chapter06/libcap.html">LFS libcap page</ulink> 80 to upgrade libcap. If the PAM module has been built, it will automatically 81 be picked up.</para> 91 <para> 92 If you are upgrading libcap from a previous version, use the 93 instructions in 94 <ulink url="../../../../lfs/view/development/chapter06/libcap.html"> 95 LFS libcap page 96 </ulink> to upgrade libcap. If <xref linkend="linux-pam"/> has been 97 built, the PAM module will automatically be built too. 98 </para> 82 99 </note> 83 100 84 <para>Install <application>libcap</application> by running the following 85 commands:</para> 101 <para> 102 Install <application>libcap</application> by running the following 103 commands: 104 </para> 86 105 87 106 <screen><userinput>make -C pam_cap</userinput></screen> 88 107 89 <para>This package does not come with a test suite.</para> 108 <para> 109 This package does not come with a test suite. 110 </para> 90 111 91 <para>Now, as the <systemitem class="username">root</systemitem> user:</para> 112 <para> 113 Now, as the <systemitem class="username">root</systemitem> user: 114 </para> 92 115 93 116 <screen role="root"><userinput>install -v -m755 pam_cap/pam_cap.so /lib/security && … … 99 122 <title>Configuring Libcap</title> 100 123 101 <para>In order to allow <application>Linux-PAM</application> to grant 102 privileges based on POSIX capabilites, you need to add the libcap module 103 to the begining of the <filename>/etc/pam.d/system-auth</filename> file. 104 Make the required edits with the following commands:</para> 124 <para> 125 In order to allow <application>Linux-PAM</application> to grant 126 privileges based on POSIX capabilites, you need to add the libcap module 127 to the begining of the <filename>/etc/pam.d/system-auth</filename> file. 128 Make the required edits with the following commands: 129 </para> 105 130 106 131 <screen role="root"><userinput>mv -v /etc/pam.d/system-auth{,.bak} && … … 112 137 tail -n +3 /etc/pam.d/system-auth.bak >> /etc/pam.d/system-auth</userinput></screen> 113 138 114 <para>Additonally, you'll need to modify the 115 <filename>/etc/security/capability.conf</filename> file to grant necessary 116 privileges to users, and utilize the <command>setcap</command> 117 utility to set capabilities on specific utilities as needed. See 118 <command>man 8 setcap</command> and <command>man 3 cap_from_text</command> 119 for additional information.</para> 139 <para> 140 Additonally, you'll need to modify the 141 <filename>/etc/security/capability.conf</filename> file to grant 142 necessary privileges to users, and utilize the <command>setcap</command> 143 utility to set capabilities on specific utilities as needed. See 144 <command>man 8 setcap</command> and 145 <command>man 3 cap_from_text</command> for additional information. 146 </para> 120 147 121 148 </sect2>
Note:
See TracChangeset
for help on using the changeset viewer.