Attila <vodoo0904@sonnenkinder.org> wrote:
At Donnerstag, 28. Januar 2010 10:22 Joerg Schilling wrote:
I don't find the most of your sugestions in "man 7 capabilities".
file_dac_read Permission to open any device file = cap_dac_readsearch ??
Most likely CAP_DAC_OVERRIDE
sys_devices Permission to send anc SCSI command Nothing found.
Most likely at least CAP_SYS_RAWIO I am nowever not sur whether this is sufficient.
proc_lock_memory Lock into memory = cap_ipc_lock
Looks correct.
proc_priocntl Increase priority Nothing found.
Most likely CAP_SYS_NICE
net_privaddr Allow ports < 1024, needed for RSCSI cap_net_bind_service
Looks correct.
Is it really such a problem to stay with "chmod 4710"?
As long as there is no support code in Linux distros to set capabilities without making the target program suid root anyway, I see no other possibility than to stay with chown root cdrecord cdda2wav readcd chmod 4711 cdrecord cdda2wav readcd Jörg -- EMail:joerg@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin js@cs.tu-berlin.de (uni) joerg.schilling@fokus.fraunhofer.de (work) Blog: http://schily.blogspot.com/ URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily