Feature changed by: Pascal Bleser (pbleser) Feature #307254, revision 5 Title: Use POSIX capabilities instead of suid openSUSE-11.3: Unconfirmed Priority Requester: Neutral Requested by: Pascal Bleser (pbleser) Description: Use POSIX file capabilities instead of suid processes and running e.g. Apache as root: * http://www.nuxified.org/blog/dear-distributors (http://www.nuxified.org/blog/dear-distributors) * http://www.friedhoff.org/posixfilecaps.html (http://www.friedhoff.org/posixfilecaps.html) * https://www.redhat.com/archives/fedora-devel-list/2009-July/msg01568.html (https://www.redhat.com/archives/fedora-devel-list/2009-July/msg01568.html) Discussion: #1: Jan Engelhardt (jengelh) (2009-08-09 14:21:02) Some tools like tar(1) do not even support recording Xattrs/ACLs (yet people still use that for backups), and Filesystem Capabilities (not POSIX capabilities) would not be recorded either. Such should really be addresses first, more or less. + #2: Pascal Bleser (pbleser) (2009-08-10 01:30:22) (reply to #1) + No question, it's a mid term objective. And not exactly trivial to + solve either. + I posted this feature rather as a reminder that that enhancement + exists, and that Fedora is trying to get it implemented. Just to keep + an eye on it ;) -- openSUSE Feature: https://features.opensuse.org/307254