Filesystem capabilities for Linux

Submitted by olaf on 2002-10-18
Last modified at 2008-08-10
Tags: linux kernel

This implementation adds filesystem capabilities to the Linux kernel. It doesn’t change how capabilities are used and interpreted in the kernel proper. The user space tools are not POSIX compatible.

With this patch, you can grant selective privileges to executables on an as-needed basis. For some executables, this means there is no longer any need to run as root or as a SUID root binary.

For example, you may drop the SUID bit from ping and grant the CAP_NET_RAW capability:

chmod u-s /bin/ping
chcap cap_net_raw=ep /bin/ping

Another use would be to run system daemons with their own uid:

chcap cap_net_bind_service=ei /usr/sbin/named

This sets the effective and inheritable capabilities of named.

In your startup script:

inhcaps cap_net_bind_service=i bind:bind /usr/sbin/named

This sets the inheritable set to CAP_NET_BIND_SERVICE, which is needed in order to bind to port 53, and runs named as user bind with group bind.

This allows named to run with only the restricted privileges it needs, provided the parent process (root) already holds them. When started by a regular user, named runs without any privileges.
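The difference between the =ep grant on ping and the =ei grant on named comes from how file and process capability sets are combined at execve(). The C sketch below is an added example, not code from the patch or its tools; it assumes the standard Linux exec rule of that kernel era (the page states the patch leaves the kernel's interpretation unchanged), a non-root caller, and a full bounding set, and the helper names file_caps and exec_caps are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Capability numbers from <linux/capability.h>. */
#define CAP_NET_BIND_SERVICE 10
#define CAP_NET_RAW          13
#define BIT(c) ((uint32_t)1 << (c))

struct capset { uint32_t e, i, p; };   /* effective, inheritable, permitted */

/* Hypothetical helper: build a file capability set from one capability bit
 * and the flag letters after '=' in the page's syntax, e.g. "ep" or "ei". */
struct capset file_caps(uint32_t bit, const char *flags)
{
    struct capset f = {0, 0, 0};
    if (strchr(flags, 'e')) f.e = bit;
    if (strchr(flags, 'i')) f.i = bit;
    if (strchr(flags, 'p')) f.p = bit;
    return f;
}

/* Assumed exec rule: process sets after execve() of a file with sets f.
 * proc_i is the caller's inheritable set, bset the capability bounding set.
 * The root (uid 0) special case is deliberately not modelled. */
struct capset exec_caps(uint32_t proc_i, struct capset f, uint32_t bset)
{
    struct capset n;
    n.i = proc_i;                          /* pI' = pI */
    n.p = (f.p & bset) | (f.i & proc_i);   /* pP' = (fP & bset) | (fI & pI) */
    n.e = n.p & f.e;                       /* pE' = pP' & fE */
    return n;
}

static void show(const char *what, struct capset c)
{
    printf("%-22s P=%#x E=%#x\n", what, (unsigned)c.p, (unsigned)c.e);
}

int main(void)
{
    struct capset ping  = file_caps(BIT(CAP_NET_RAW), "ep");
    struct capset named = file_caps(BIT(CAP_NET_BIND_SERVICE), "ei");
    uint32_t all = ~(uint32_t)0;
    show("ping, regular user",  exec_caps(0, ping, all));
    show("named, regular user", exec_caps(0, named, all));
    show("named, via inhcaps",  exec_caps(BIT(CAP_NET_BIND_SERVICE), named, all));
    return 0;
}
```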

Warning

resize2fs(8) might relocate inodes and thus break fs capabilities. To keep them working, you must dump the capability db before you resize and restore the db afterwards.

Links and other capability implementations

File Date Size
fscaps-2.6.26-0.19.patch.gz 2008-08-10 16:09 5.4 k
fscaps-2.6.26-0.18.patch.gz 2008-08-08 22:13 5.4 k
fscaps-2.6.25-0.18.patch.gz 2008-05-12 22:51 5.4 k
fscaps-2.6.23-0.17.patch.gz 2007-10-26 18:01 5.4 k
fscaps-2.6.19-0.16.patch.gz 2006-12-03 15:55 5.0 k
fscaps-2.6.18-0.16.patch.gz 2006-09-22 14:52 4.9 k
fscaps-2.6.15-0.16.patch.gz 2006-01-14 22:18 5.0 k
fscaps-2.6.12-0.16.patch.gz 2005-09-01 20:41 5.0 k
fscaps-2.6.13-0.16.patch.gz 2005-09-01 20:41 5.0 k
fscaps-2.6.9-0.16.patch.gz 2004-10-24 01:03 5.0 k
fscaps-2.6.7-0.16.patch.gz 2004-07-22 14:49 4.9 k
fscaps-2.6.2-0.15.patch.gz 2004-02-07 19:56 4.9 k
fscaps-2.6.0-test6-0.15.patch.gz 2003-10-04 01:44 4.9 k
fscaps-2.6.0-test2-0.15.patch.gz 2003-07-28 11:53 5.0 k
fscaps-2.5.72-0.14.patch.gz 2003-06-25 01:25 4.9 k
fscaps-2.5.60-0.14.patch.gz 2003-02-11 02:20 4.9 k
fscaps-2.5.54-0.14.patch.gz 2003-01-02 16:43 5.0 k
fscaps-2.5.52-0.13.patch.gz 2002-12-16 17:46 5.0 k
fscaps-2.5.46-0.12.patch.gz 2002-12-11 17:46 5.0 k
fscaps-2.5.51-0.12.patch.gz 2002-12-11 17:15 5.0 k
fscaps-2.5.46-0.11.patch.gz 2002-11-07 14:31 5.0 k
fscaps-2.5.46-0.10.patch.gz 2002-11-05 16:49 4.9 k
fscaps-2.5.45-0.9.patch.gz 2002-11-01 18:58 4.7 k
fscaps-2.5.45-0.7.patch.gz 2002-10-31 14:40 4.7 k
fscaps-2.5.45-0.8.patch.gz 2002-10-31 14:40 4.7 k
fscaps-2.5.44-0.7.patch.gz 2002-10-31 02:18 4.8 k
fscaps-2.5.44-0.6.patch.gz 2002-10-30 16:00 3.2 k
chcap-0.2.c 2002-10-31 14:36 2.4 k
inhcaps.c 2002-10-30 14:57 2.0 k
lscap.c 2003-10-04 01:44 2.6 k
dumpcaps.pl 2002-11-02 19:10 2.4 k
