Mailinglist Archive: opensuse-security (757 mails)

compartment(chroot), capabilities and user on kernel 2.4
  • From: Dietrich Meyer <dietrich@xxxxxxxxxxxxxx>
  • Date: Wed, 9 Jan 2002 10:45:27 +0000
  • Message-id: <20020109104527.01E1CC0E@xxxxxxxxxxxxxxxxxxxx>
Hi all,

in the documentation of the compartment script (of SUSE 7.3), I found a note
that under kernel 2.4, it would be possible to use capabilities together with
a non-root user, which was impossible for kernels 2.2.x.

I tried to get it to work (in my case, BIND8 using the init_bind8 script from
the compartment-documentation).
I modified the script so that a minimal /etc/passwd and /etc/group were put
into the chroot-dir, and "chowned" /var/named to the new user.
Finally, I changed the call to compartment, added '--user newuser' and
changed '--group newgroup'. But it wouldn't start :-(

So my question: Is it in principle possible to use different users (non-root)
together with capabilities? If yes, I will try a bit more..... Or maybe if
anybody sees something obvious missing in my procedure, please tell me.


Dr. Dietrich Meyer
Domain Names Worldwide
SunnyNames llp
email: info@xxxxxxxxxxxxxx

-- --

This message may contain privileged and/or confidential
information. If you are not the addressee or authorized to
receive this for the addressee, you must not use, copy,
disclose or take any action based on this message or any
information therein. If you have received this message in
error, please advise the sender immediately by reply e-mail
and delete this message. SunnyNames llp thanks you for your
