[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: capabilities

Previously Marco d'Itri wrote:
> What would you all think about a patch to start-stop-daemon to remove
> capabilities from spawned daemons?
> Whith this patch many daemons would not need uid=0 anymore.

You either run with uid=0 and remove capabilities, or run with another
uid and add capabilities. Make up your mind :).

The right solution is probabily either something like a capd, or a
capabilities-enhanced filesystem (I think there are patches for ext2fs,
and ext3fs already has it?).


This combination of bytes forms a message written to you by Wichert Akkerman.
E-Mail: wichert@cs.leidenuniv.nl
WWW: http://www.wi.leidenuniv.nl/~wichert/

Attachment: pgpZRHetQBf8s.pgp
Description: PGP signature

Reply to: