linux-from-scratch/glfs
1
0
Fork 0
mirror of https://github.com/Zeckmathederg/glfs.git synced 2025-02-03 14:47:17 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add Linux-PAM configuration for libcap.

Browse Source 
git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@21620 af4574ff-66df-0310-9fd7-8a98e5e911e0
This commit is contained in:
DJ Lucas 2019-05-24 03:18:24 +00:00
parent 9da30c5415
commit 3706c7fe34
3 changed files with 36 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
general.ent
View File

@ -1,12 +1,12 @@
<!-- $LastChangedBy$ $Date$ --> <!-- $LastChangedBy$ $Date$ -->
<!ENTITY day "21"> <!-- Always 2 digits --> <!ENTITY day "24"> <!-- Always 2 digits -->
<!ENTITY month "05"> <!-- Always 2 digits --> <!ENTITY month "05"> <!-- Always 2 digits -->
<!ENTITY year "2019"> <!ENTITY year "2019">
<!ENTITY copyrightdate "2001-&year;"> <!ENTITY copyrightdate "2001-&year;">
<!ENTITY copyholder "The BLFS Development Team"> <!ENTITY copyholder "The BLFS Development Team">
<!ENTITY version "&year;-&month;-&day;"> <!ENTITY version "&year;-&month;-&day;">
<!ENTITY releasedate "May 21st, &year;"> <!ENTITY releasedate "May 24th, &year;">
<!ENTITY pubdate "&year;-&month;-&day;"> <!-- metadata req. by TLDP --> <!ENTITY pubdate "&year;-&month;-&day;"> <!-- metadata req. by TLDP -->
<!ENTITY blfs-version "svn"> <!-- svn|[release #] --> <!ENTITY blfs-version "svn"> <!-- svn|[release #] -->
<!ENTITY lfs-version "development"> <!-- x.y|development --> <!ENTITY lfs-version "development"> <!-- x.y|development -->

9
introduction/welcome/changelog.xml
View File

@ -41,6 +41,15 @@
</itemizedlist> </itemizedlist>
</listitem> </listitem>
--> -->
<listitem>
<para>May 24th, 2019</para>
<itemizedlist>
<listitem>
<para>[dj] - Add Linux-PAM configuration for libcap.</para>
</listitem>
</itemizedlist>
</listitem>
<listitem> <listitem>
<para>May 21st, 2019</para> <para>May 21st, 2019</para>
<itemizedlist> <itemizedlist>

25
postlfs/security/libcap.xml
View File

@ -87,6 +87,31 @@ install -v -m644 pam_cap/capability.conf /etc/security</userinput></screen>
</sect2> </sect2>
<sect2 role="configuration">
<title>Configuring Libcap</title>
<para>In order to allow <application>Linux-PAM</application> to grant
privileges based on POSIX capabilites, you need to add the libcap module
to the begining of the <filename>/etc/pam.d/system-auth</filename> file.
Make the required edits with the following commands:</para>
<screen role="root"><userinput>mv -v /etc/pam.d/system-auth{,.bak} &amp;&amp;
cat &gt; /etc/pam.d/system-auth &lt;&lt; "EOF" &amp;&amp;
# Begin /etc/pam.d/system-auth
auth optional pam_cap.so
EOF
tail -n +3 /etc/pam.d/system-auth.bak &lt;&lt; /etc/pam.d/system-auth</userinput></screen>
<para>Additonally, you'll need to modify the
<filename>/etc/security/capability.conf</filename> file to grant necessary
privileges to users, and utilize the <application>setcap</application>
utiltiy to set capabilities on specific utilities as needed. See
<command>man 8 setcap</command> and <command>man 3 cap_from_text</command>
for additional information.</para>
</sect2>
<sect2 role="content"> <sect2 role="content">
<title>Contents</title> <title>Contents</title>