Changeset 8eebfaa5


Ignore:
Timestamp:
05/24/2019 03:19:39 AM (4 years ago)
Author:
DJ Lucas <dj@…>
Branches:
elogind
Children:
4d390d2
Parents:
5e8edab5
Message:

Merge to HEAD 21620.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/branches/BOOK-elogind@21621 af4574ff-66df-0310-9fd7-8a98e5e911e0

Files:
3 edited

Legend:

Unmodified
Added
Removed

  • general.ent

    r5e8edab5 r8eebfaa5  
    11<!-- $LastChangedBy$ $Date$ -->
    22
    3 <!ENTITY day          "21">                   <!-- Always 2 digits -->
     3<!ENTITY day          "24">                   <!-- Always 2 digits -->
    44<!ENTITY month        "05">                   <!-- Always 2 digits -->
    55<!ENTITY year         "2019">
     
    77<!ENTITY copyholder   "The BLFS Development Team">
    88<!ENTITY version      "&year;-&month;-&day;">
    9 <!ENTITY releasedate  "May 21st, &year;">
     9<!ENTITY releasedate  "May 24th, &year;">
    1010<!ENTITY pubdate      "&year;-&month;-&day;"> <!-- metadata req. by TLDP -->
    1111<!ENTITY blfs-version "svn">                  <!-- svn|[release #] -->

  • introduction/welcome/changelog.xml

    r5e8edab5 r8eebfaa5  
    7676    </listitem>
    7777    -->
     78    <listitem>
     79      <para>May 24th, 2019</para>
     80      <itemizedlist>
     81        <listitem>
     82          <para>[dj] - Add Linux-PAM configuration for libcap.</para>
     83        </listitem>
     84      </itemizedlist>
     85    </listitem>
     86
    7887    <listitem>
    7988      <para>May 21st, 2019</para>

  • postlfs/security/libcap.xml

    r5e8edab5 r8eebfaa5  
    8888  </sect2>
    8989
     90  <sect2 role="configuration">
     91    <title>Configuring Libcap</title>
     92
     93    <para>In order to allow <application>Linux-PAM</application> to grant
     94    privileges based on POSIX capabilites, you need to add the libcap module
     95    to the begining of the <filename>/etc/pam.d/system-auth</filename> file.
     96    Make the required edits with the following commands:</para>
     97
     98<screen role="root"><userinput>mv -v /etc/pam.d/system-auth{,.bak} &amp;&amp;
     99cat &gt; /etc/pam.d/system-auth &lt;&lt; "EOF" &amp;&amp;
     100# Begin /etc/pam.d/system-auth
     101
     102auth      optional    pam_cap.so
     103EOF
     104tail -n +3 /etc/pam.d/system-auth.bak &lt;&lt; /etc/pam.d/system-auth</userinput></screen>
     105
     106    <para>Additonally, you'll need to modify the
     107    <filename>/etc/security/capability.conf</filename> file to grant necessary
     108    privileges to users, and utilize the <application>setcap</application>
     109    utiltiy to set capabilities on specific utilities as needed. See
     110    <command>man 8 setcap</command> and <command>man 3 cap_from_text</command>
     111    for additional information.</para>
     112 
     113  </sect2>
     114
    90115  <sect2 role="content">
    91116    <title>Contents</title>
Note: See TracChangeset for help on using the changeset viewer.