Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
Compartment and --cap
  • From: Togan Muftuoglu <toganm@xxxxxxxxxxxxxxxxxxxxx>
  • Date: Wed, 23 Jan 2002 11:37:16 +0200
  • Message-id: <20020123113716.A13105@xxxxxxxxxxxx>
Hi,

I am trying to chroot services via Marc's compartment. For instance for
chrooting apache I think I understood the need for -cap
CAP_NET_BIND_SERVICE since the port binding is below 1024. Hovever I do
not want to have root running the services. From reading the README file
I should be chowning the directories to something other then root. The
README file refers to capability.h file for further reference yet it
sounds Greek to me. Again from the README I understand that I can not
use --user --group with 2.2.x kernels .

I have found a document at ftp://ftp.guardian.no/pub/free/linux/capabilities/capfaq.txt describing
the capabilities.

Yet is there a plain english bersion that I could not locate or what are
the best uses of these for apache and proftp

Thanks
--
Togan Muftuoglu




< Previous Next >
Follow Ups