From: Antti Salmela
To: linux-kernel@vger.kernel.org
Subject: Re: Filesystem Capabilities in 2.6?
Date: Mon, 4 Nov 2002 11:25:08 +0200
References: <1036307763.31699.214.camel@thud>

Dax Kelson wrote:
> Each app should run in its own security context by itself. That is why
> I have all the following users in my /etc/passwd:
>
> apache nscd squid xfs ident rpc pcap nfsnobody radvd gdm named ntp

Well, wouldn't it be then logical to associate uids to capabilities, e.g.
I could have ping binary setuid to user ping which would have just the
necessary capabilities to operate?

--
Antti Salmela