Ask Your Question

Replacement of

asked 2017-11-30 20:43:12 -0500

q2dg gravatar image module is missing in Fedora.

Although I haven't found any notice about it, I suspect the reason could be it is deprecated because, documentation is pretty old and this module (which is present in Ubuntu repositories) doesn't work there neither.

Anyway, how can I restrict use of kernel capabilities to certain users, then? Thanks!

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2017-12-01 00:17:53 -0500

villykruse gravatar image

It is not missing in fedora. is provided by the libcap package.

$ rpm -ql libcap
edit flag offensive delete link more


Oooh, sorry! I was looking at "pam" package. Anyway, I miss its man page (man pam_cap), which I haven't been able to find. Thanks a lot!!!!

q2dg gravatar imageq2dg ( 2017-12-01 05:08:55 -0500 )edit

You will need to use the ubunto manpage.

villykruse gravatar imagevillykruse ( 2017-12-01 06:28:22 -0500 )edit

I see.../etc/security/capability.conf isn't created by default...

q2dg gravatar imageq2dg ( 2017-12-01 06:43:27 -0500 )edit

It doesn't work neither . If I assign a capability to a binary (setcap capnetraw=ip /bin/customping), all users can enjoy it : via pam_cap I've not been able to restrict this to only a "selected" pool of privileged users.

I desist.

NOTE: I've put at the beginning of /etc/pam.d/su the line "auth required" and at the beginning of /etc/security/capability.conf the line "capnet_raw userPrivileged" and, below it, the line "none *"

q2dg gravatar imageq2dg ( 2017-12-01 06:50:03 -0500 )edit

Question Tools

1 follower


Asked: 2017-11-30 20:43:12 -0500

Seen: 155 times

Last updated: Dec 01 '17