Changeset 8eebfaa5 for postlfs/security/libcap.xml
- Timestamp:
- 05/24/2019 03:19:39 AM (5 years ago)
- Branches:
- elogind
- Children:
- 4d390d2
- Parents:
- 5e8edab5
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
postlfs/security/libcap.xml
r5e8edab5 r8eebfaa5 88 88 </sect2> 89 89 90 <sect2 role="configuration"> 91 <title>Configuring Libcap</title> 92 93 <para>In order to allow <application>Linux-PAM</application> to grant 94 privileges based on POSIX capabilites, you need to add the libcap module 95 to the begining of the <filename>/etc/pam.d/system-auth</filename> file. 96 Make the required edits with the following commands:</para> 97 98 <screen role="root"><userinput>mv -v /etc/pam.d/system-auth{,.bak} && 99 cat > /etc/pam.d/system-auth << "EOF" && 100 # Begin /etc/pam.d/system-auth 101 102 auth optional pam_cap.so 103 EOF 104 tail -n +3 /etc/pam.d/system-auth.bak << /etc/pam.d/system-auth</userinput></screen> 105 106 <para>Additonally, you'll need to modify the 107 <filename>/etc/security/capability.conf</filename> file to grant necessary 108 privileges to users, and utilize the <application>setcap</application> 109 utiltiy to set capabilities on specific utilities as needed. See 110 <command>man 8 setcap</command> and <command>man 3 cap_from_text</command> 111 for additional information.</para> 112 113 </sect2> 114 90 115 <sect2 role="content"> 91 116 <title>Contents</title>
Note:
See TracChangeset
for help on using the changeset viewer.