Accessfs: permission filesystem for linux
This is a new file system to manage permissions. It is not very useful on its own. You need to load other modules below.
User permission based IP ports
With this module, you will be able to control access to IP ports based on user-/groupid.
There’s no need anymore to run internet daemons as root. You can individually configure which user/program can bind to protected ports (by default, below 1024).
For example, you can say, user www is allowed to bind to port 80 or user mail is allowed to bind to port 25. Then, you can run apache as user www and sendmail as user mail. Now, you don’t have to rely on apache or sendmail giving up superuser rights to enhance security.
To use this option, you need to mount the access file system and do a chown on the appropriate ports:
mount -t accessfs none /proc/access chown www /proc/access/net/ip/bind/80 chown mail /proc/access/net/ip/bind/25
You can grant access to a group for individual ports as well. Just say:
chgrp lp /proc/access/net/ip/bind/515 chmod g+x /proc/access/net/ip/bind/515
User permission based capabilities
With this module, you will be able to grant capabilities based on user-/groupid (root by default).
For example you can create a group raw and change the capability net_raw to this group:
chgrp raw /proc/access/capabilities/net_raw chmod ug+x /proc/access/capabilities/net_raw chgrp raw /sbin/ping chmod u-s /sbin/ping; chmod g+s /sbin/ping
LD_PRELOAD is a glibc feature, which allows to override system library functions. But this means also a security hole, through which an attacker might gain unauthorized privileges. This is already prevented for SUID and SGID binaries.
Of course, GNU libc doesn’t know about accessfs and doesn’t disable
LD_PRELOAD for these privileged executables. This means, you must be careful, which users and groups you grant access to ports or capabilities.