Changeset 8eebfaa5 for postlfs/security/libcap.xml

Timestamp:

05/24/2019 03:19:39 AM (5 years ago)

Author:

DJ Lucas <dj@…>

Branches:

elogind

Children:

4d390d2

Parents:

5e8edab5

Message:

Merge to HEAD 21620.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/branches/BOOK-elogind@21621 af4574ff-66df-0310-9fd7-8a98e5e911e0

File:

• postlfs/security/libcap.xml (modified) (1 diff)

postlfs/security/libcap.xml

@@ -88 +88 @@
   </sect2>
 
+  <sect2 role="configuration">
+    <title>Configuring Libcap</title>
+
+    <para>In order to allow <application>Linux-PAM</application> to grant
+    privileges based on POSIX capabilites, you need to add the libcap module
+    to the begining of the <filename>/etc/pam.d/system-auth</filename> file.
+    Make the required edits with the following commands:</para>
+
+<screen role="root"><userinput>mv -v /etc/pam.d/system-auth{,.bak} &amp;&amp;
+cat &gt; /etc/pam.d/system-auth &lt;&lt; "EOF" &amp;&amp;
+# Begin /etc/pam.d/system-auth
+
+auth      optional    pam_cap.so
+EOF
+tail -n +3 /etc/pam.d/system-auth.bak &lt;&lt; /etc/pam.d/system-auth</userinput></screen>
+
+    <para>Additonally, you'll need to modify the
+    <filename>/etc/security/capability.conf</filename> file to grant necessary
+    privileges to users, and utilize the <application>setcap</application>
+    utiltiy to set capabilities on specific utilities as needed. See
+    <command>man 8 setcap</command> and <command>man 3 cap_from_text</command>
+    for additional information.</para>
+ 
+  </sect2>
+
   <sect2 role="content">
     <title>Contents</title>