capabilities(4)                                            capabilities(4)

NAME
     capabilities - capability mechanism

SYNOPSIS
     #include <sys/capability.h>

DESCRIPTION
     The capability mechanism provides fine-grained control over the
     privileges of a process.  As a process attribute, a capability allows
     the process to perform a specific set of restricted operations without
     granting a general override of the system's protection scheme.  A
     process can possess multiple capabilities.  Collectively, all defined
     capabilities comprise the set of abilities that are traditionally
     associated with the root user.

     Defined capabilities are:

     CAP_ACCT_MGT
          Privilege to use the accounting setup acct(2) system call and the
          acctctl(3c) library call.

     CAP_AUDIT_CONTROL
          Privilege to manage the system audit trail (sat_read(2) and
          sat_write(2) system calls).

     CAP_AUDIT_WRITE
          Privilege to write to the system audit trail (sat_write(2) system
          call).

     CAP_CHOWN
          Privilege to change the owner of a file not owned by the process
          when the system is configured with _POSIX_CHOWN_RESTRICTED
          enabled.

     CAP_CHROOT
          Privilege to use the chroot(2) system call.

     CAP_DAC_EXECUTE
          Privilege to execute a file when the permissions or Access
          Control List prohibit it.

     CAP_DAC_READ_SEARCH
          Privilege to read a file or search a directory when the
          permissions or Access Control List prohibit it.

     CAP_DAC_WRITE
          Privilege to write a file or update a directory when the
          permissions or Access Control List prohibit it.

     CAP_DEVICE_MGT
          Privilege to issue restricted device management calls and ioctl
          actions.

     CAP_FOWNER
          Privilege to operate on a file as if the process owns it (for
          example, change permissions, ownership, access times, etc.).

     CAP_FSETID
          Privilege to set the setuid or setgid bits of a file without
          being the owner.  Also, the privilege to change the owner of a
          setuid or setgid file.

     CAP_INF_DOWNGRADE
          Not supported, silently ignored.

     CAP_INF_NOFLOAT_OBJ
          Not supported, silently ignored.

     CAP_INF_NOFLOAT_SUBJ
          Not supported, silently ignored.

     CAP_INF_RELABEL_SUBJ
          Not supported, silently ignored.

     CAP_INF_UPGRADE
          Not supported, silently ignored.

     CAP_KILL
          Privilege to send a signal to a process that is not owned by the
          sender.  Also, privilege to use process synchronization calls
          (procblk) on a process.

     CAP_LINK_DIR
          Not supported.

     CAP_MAC_DOWNGRADE
          Privilege to change the MAC label of an object to a value that is
          dominated by the previous label.  (Only on systems with MAC
          enabled.)

     CAP_MAC_MLD
          Allows a process to change its own MAC label to a moldy label.  A
          process with a moldy label can view the hidden directory
          structure of a multilevel directory.  (Only on systems with MAC
          enabled.)

     CAP_MAC_READ
          Privilege to read information whose MAC label dominates that of
          the reader.  (Only on systems with MAC enabled.)

     CAP_MAC_RELABEL_OPEN
          Privilege to change the MAC label of an open file.  (Only on
          systems with MAC enabled.)

     CAP_MAC_RELABEL_SUBJ
          Allows a process to change its own MAC label.  (Only on systems
          with MAC enabled.)

     CAP_MAC_UPGRADE
          Privilege to change the MAC label of an object to a value that
          dominates the previous label.  (Only on systems with MAC
          enabled.)

     CAP_MAC_WRITE
          Privilege to write information whose MAC label does not equal
          that of the writer.  (Only on systems with MAC enabled.)

     CAP_MEMORY_MGT
          Privilege to issue restricted memory management calls, primarily
          memory locking.

     CAP_MKNOD
          Alias for CAP_DEVICE_MGT.

     CAP_MOUNT_MGT
          Privilege to use the mount(2) and unmount(2) system calls.

     CAP_NETWORK_MGT
          Privilege to issue restricted networking calls (for example,
          setting the network interface MAC address, network interface
          device management, etc.).

     CAP_NVRAM_MGT
          Alias for CAP_SYSINFO_MGT.

     CAP_PRIV_PORT
          Privilege to open a socket on a privileged TCP port.

     CAP_PROC_MGT
          Privilege to issue restricted process management calls.

     CAP_QUOTA_MGT
          Privilege to issue restricted quota management calls.

     CAP_SCHED_MGT
          Privilege to issue restricted scheduler calls, such as the real
          time scheduler interfaces.

     CAP_SETFCAP
          Privilege to change the capability sets of a file.

     CAP_SETGID
          Allows a process to change its real GID, effective GID, saved
          GID, and process group ID.

     CAP_SETPCAP
          Allows a process to change its capability sets.

     CAP_SETUID
          Allows a process to change its real, effective and saved UIDs.

     CAP_SHUTDOWN
          Privilege to shut down or reboot the system.  This capability
          alone may be insufficient to perform the /etc/shutdown operation.

     CAP_SIGMASK
          Not supported, silently ignored.

     CAP_STREAMS_MGT
          Privilege to use restricted STREAMS calls and operations.

     CAP_SWAP_MGT
          Privilege to use the swap(2) system call.

     CAP_SYSINFO_MGT
          Privilege to set system information (for example, hostname
          values, NVRAM values, etc.).

     CAP_SVIPC_MGT
          Not supported, silently ignored.

     CAP_TIME_MGT
          Privilege to set the system time.

     CAP_XTCB
          Identifies a trusted client to the X server (that is, trusted
          path).

     A process has three, possibly empty, sets of capabilities.  The
     permitted capability set is the maximum set of capabilities for the
     process.  The effective capability set contains those capabilities
     that are currently active for the process.  The inherited capability
     set contains those capabilities that the process may pass to the next
     process image across exec(2).

     Only capabilities in a process' effective capability set allow the
     process to perform restricted operations.  A process may use the
     capability management functions to add or remove capabilities from
     its effective capability set.  However, the capabilities that a
     process can make effective are limited to those that exist in its
     permitted capability set.  Only capabilities in the process'
     inherited capability set can be passed across exec(2).

     Capabilities are also associated with files.  There may or may not be
     a capability set associated with a specific file.  If a file has no
     capability set, execution of this file through an exec(2) will leave
     the process' capability set unchanged.  If a file has a capability
     set, execution of the file will affect the process' capability set in
     the following way: the file's inherited capability set further
     constrains the process inherited capabilities that are passed from
     one process image to another.  The file's permitted capability set
     contains the capabilities that are unconditionally permitted to a
     process upon execution of that file.  The file's effective
     capabilities are the capabilities that become immediately active for
     the process upon execution of the file.  More precisely, the process
     capability assignment algorithm is:

          I-proc-new = I-proc-old & I-file
          P-proc-new = P-file | (I-proc-new & P-proc-old)
          E-proc-new = P-proc-new & E-file

     File capabilities are supported only on XFS filesystems.
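     The three-set model and the exec(2) assignment rules above, worked
     through in C.  This is an added example, not code from this man page
     or from IRIX: the struct mirrors the cap_set shown later on this page
     (with uint64_t standing in for __uint64_t), the CAP_* bit values are
     assumed for the example because the real values are private to
     <sys/capability.h>, and the process/file sets in demo_exec() and
     demo_raise() are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Same layout as the struct cap_set shown on this page; uint64_t stands
 * in for IRIX's __uint64_t so the example builds on any C99 toolchain. */
typedef uint64_t cap_value_t;
struct cap_set {
    cap_value_t cap_effective;   /* used in capability checks */
    cap_value_t cap_permitted;   /* combined with file attrs */
    cap_value_t cap_inheritable; /* passed through exec */
};
typedef struct cap_set cap_set_t;

/* Bit assignments are ASSUMED for this example; the real values are
 * private to <sys/capability.h> and are not given in the man page. */
#define CAP_CHOWN     ((cap_value_t)1 << 0)
#define CAP_FOWNER    ((cap_value_t)1 << 1)
#define CAP_SETUID    ((cap_value_t)1 << 2)
#define CAP_PRIV_PORT ((cap_value_t)1 << 3)

/* Only the effective set authorises a restricted operation. */
int cap_is_effective(const cap_set_t *s, cap_value_t cap)
{
    return (s->cap_effective & cap) == cap;
}

/* A process may raise a capability into its effective set only if the
 * capability is already in its permitted set; returns -1 otherwise. */
int cap_make_effective(cap_set_t *s, cap_value_t cap)
{
    if ((s->cap_permitted & cap) != cap)
        return -1;
    s->cap_effective |= cap;
    return 0;
}

/* Process capability assignment across exec(2), as stated in the man page:
 *   I-proc-new = I-proc-old & I-file
 *   P-proc-new = P-file | (I-proc-new & P-proc-old)
 *   E-proc-new = P-proc-new & E-file
 * A NULL file set models a file with no capability set: the process'
 * sets are left unchanged. */
cap_set_t cap_after_exec(const cap_set_t *proc, const cap_set_t *file)
{
    cap_set_t n = *proc;
    if (file == NULL)
        return n;
    n.cap_inheritable = proc->cap_inheritable & file->cap_inheritable;
    n.cap_permitted   = file->cap_permitted | (n.cap_inheritable & proc->cap_permitted);
    n.cap_effective   = n.cap_permitted & file->cap_effective;
    return n;
}

/* Constructed scenario: a process carrying CAP_SETUID execs a file whose
 * own set grants only CAP_PRIV_PORT.  CAP_SETUID stays permitted only
 * because both process and file list it as inheritable; CAP_FOWNER, which
 * the file does not inherit or permit, is dropped. */
cap_set_t demo_exec(void)
{
    cap_set_t proc = {
        .cap_effective   = CAP_CHOWN,
        .cap_permitted   = CAP_CHOWN | CAP_FOWNER | CAP_SETUID | CAP_PRIV_PORT,
        .cap_inheritable = CAP_CHOWN | CAP_FOWNER | CAP_SETUID,
    };
    cap_set_t file = {
        .cap_effective   = CAP_CHOWN | CAP_PRIV_PORT,
        .cap_permitted   = CAP_PRIV_PORT,
        .cap_inheritable = CAP_CHOWN | CAP_SETUID,
    };
    return cap_after_exec(&proc, &file);
}

/* Constructed scenario: a process permitted CAP_CHOWN and CAP_FOWNER tries
 * to make `cap` effective.  Returns 0 on success, -1 if not permitted. */
int demo_raise(cap_value_t cap)
{
    cap_set_t proc = { .cap_effective = 0,
                       .cap_permitted = CAP_CHOWN | CAP_FOWNER,
                       .cap_inheritable = 0 };
    return cap_make_effective(&proc, cap);
}

int main(void)
{
    cap_set_t n = demo_exec();
    printf("after exec: E=%#llx P=%#llx I=%#llx\n",
           (unsigned long long)n.cap_effective,
           (unsigned long long)n.cap_permitted,
           (unsigned long long)n.cap_inheritable);
    printf("raise CAP_CHOWN: %d, raise CAP_SETUID: %d\n",
           demo_raise(CAP_CHOWN), demo_raise(CAP_SETUID));
    return 0;
}
```

     The point the scenario makes is the one the text states: a capability
     survives exec only through the intersection of the two inheritable
     sets or through the file's own permitted set, and the file's effective
     set decides which of those are active immediately rather than merely
     available to cap_make_effective().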
     At the interface to the library routines, the capability sets are
     represented in a struct cap_set, which is defined in
     <sys/capability.h>:

          typedef __uint64_t cap_value_t;

          struct cap_set {
               cap_value_t cap_effective;   /* use in capability checks */
               cap_value_t cap_permitted;   /* combined with file attrs */
               cap_value_t cap_inheritable; /* pass through exec */
          };
          typedef struct cap_set cap_set_t;
          typedef struct cap_set * cap_t;

     Macros in <sys/capability.h> may be used to query, set or examine the
     capability sets.

EXTERNAL REPRESENTATION
     The routines cap_from_text(3c) and cap_to_text(3c) convert between the
     internal structures and the external text form of capabilities.  The
     output of cap_to_text may be used as input to cap_from_text to
     recreate the original capability sets.

     The text representation of capability sets is a string consisting of
     one or more capability lists.  Each capability list has the form:

          capname[,capname]OF

     where capname is a defined capability name (described above).  The
     name ALL indicates all capabilities.  F is a sequence of one or more
     flags chosen from "e", "i", "p", indicating which capability sets are
     to be affected: "e" indicates the effective capability set, "p"
     indicates the permitted capability set, and "i" indicates the
     inherited capability set.  O is the operation, chosen from "=", "+",
     "-", indicating to initialize, add, or delete the specified
     capabilities in the affected capability sets.  The capability lists
     are interpreted sequentially.
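     A parser for the text form just described, as an added example; it is
     not the libc cap_from_text(3C) implementation.  It handles
     capname[,capname]OF lists, the name ALL, the e/p/i flags, the =/+/-
     operations applied in order, and the "#" comment convention this page
     describes.  Assumptions: lists are separated by whitespace (the page
     does not name the separator), the name table is a constructed
     four-entry subset with assumed bit values, "=" sets each affected set
     to exactly the listed capabilities, and the input strings in
     main() are constructed.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same layout as the struct cap_set on this page; uint64_t stands in for
 * IRIX's __uint64_t so the example builds on any C99 toolchain. */
typedef uint64_t cap_value_t;
struct cap_set { cap_value_t cap_effective, cap_permitted, cap_inheritable; };
typedef struct cap_set cap_set_t;

/* Name table: constructed four-entry subset with ASSUMED bit values; the
 * real table lives inside libc's cap_from_text(3C) and is not on the page. */
static const struct { const char *name; cap_value_t bit; } cap_names[] = {
    { "CAP_CHOWN",  (cap_value_t)1 << 0 },
    { "CAP_FOWNER", (cap_value_t)1 << 1 },
    { "CAP_SETUID", (cap_value_t)1 << 2 },
    { "CAP_SETGID", (cap_value_t)1 << 3 },
};
#define CAP_ALL_KNOWN ((cap_value_t)0xF)  /* union of the table: the name ALL */

/* Resolve one capname of length len to its bit; 0 means unknown or empty. */
static cap_value_t lookup_cap(const char *s, size_t len)
{
    if (len == 3 && memcmp(s, "ALL", 3) == 0) return CAP_ALL_KNOWN;
    for (size_t i = 0; i < sizeof cap_names / sizeof cap_names[0]; i++)
        if (strlen(cap_names[i].name) == len && memcmp(cap_names[i].name, s, len) == 0)
            return cap_names[i].bit;
    return 0;
}

/* O: "=" initialises the affected set to exactly mask, "+" adds, "-" deletes. */
static void apply_op(cap_value_t *set, char op, cap_value_t mask)
{
    if (op == '=')      *set = mask;
    else if (op == '+') *set |= mask;
    else                *set &= ~mask;
}

/* Parse one list capname[,capname]OF (len bytes at tok) into *out; -1 on error. */
static int parse_list(const char *tok, size_t len, cap_set_t *out)
{
    const char *op = NULL;
    for (size_t i = 0; i < len && op == NULL; i++)
        if (tok[i] == '=' || tok[i] == '+' || tok[i] == '-')
            op = tok + i;
    if (op == NULL || op == tok || op + 1 == tok + len)
        return -1;                        /* need names, an O and one or more F */
    cap_value_t mask = 0;
    for (const char *p = tok; p < op; ) { /* comma-separated names before O */
        const char *q = memchr(p, ',', (size_t)(op - p));
        if (q == NULL) q = op;
        cap_value_t bit = lookup_cap(p, (size_t)(q - p));
        if (bit == 0) return -1;          /* unknown or empty capname */
        mask |= bit;
        p = q + 1;
    }
    for (const char *f = op + 1; f < tok + len; f++) {
        if (*f == 'e')      apply_op(&out->cap_effective,   *op, mask);
        else if (*f == 'p') apply_op(&out->cap_permitted,   *op, mask);
        else if (*f == 'i') apply_op(&out->cap_inheritable, *op, mask);
        else return -1;                   /* flag outside "e", "i", "p" */
    }
    return 0;
}

/* cap_from_text work-alike: lists apply in order; "#" to end of line is a
 * comment.  ASSUMPTION: lists are whitespace-separated. */
int cap_parse_text(const char *text, cap_set_t *out)
{
    memset(out, 0, sizeof *out);
    for (const char *p = text; *p; ) {
        if (*p == '#') { while (*p && *p != '\n') p++; continue; }
        if (isspace((unsigned char)*p)) { p++; continue; }
        const char *start = p;
        while (*p && *p != '#' && !isspace((unsigned char)*p)) p++;
        if (parse_list(start, (size_t)(p - start), out) != 0)
            return -1;
    }
    return 0;
}

/* Parse text and return set 'e', 'p' or 'i'; all-ones if the text is rejected. */
cap_value_t demo_parse(const char *text, char which)
{
    cap_set_t s;
    if (cap_parse_text(text, &s) != 0)
        return ~(cap_value_t)0;
    return which == 'e' ? s.cap_effective : which == 'p' ? s.cap_permitted : s.cap_inheritable;
}

int main(void)
{   /* constructed input: E=P={CHOWN,FOWNER}, then SETUID into I and P, then FOWNER out of E */
    const char *txt = "CAP_CHOWN,CAP_FOWNER=ep CAP_SETUID+ip CAP_FOWNER-e # comment\n";
    printf("E=%#llx P=%#llx I=%#llx\n", (unsigned long long)demo_parse(txt, 'e'),
           (unsigned long long)demo_parse(txt, 'p'), (unsigned long long)demo_parse(txt, 'i'));
    return 0;
}
```

     Because the lists are applied sequentially, "CAP_FOWNER-e" at the end
     removes CAP_FOWNER from the effective set while leaving it in the
     permitted set, which is exactly the sort of "permitted but not yet
     active" state the three-set model is designed to express.  Unknown
     names, missing operators and flags outside "e", "i", "p" are rejected
     rather than skipped, so a typo in a file's capability text fails
     loudly instead of granting less (or more) than intended.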
     All characters from the symbol "#" to the end of the line are
     interpreted as comments and are ignored.

SEE ALSO
     chcap(1), cap_from_text(3C), cap_get_proc(3C), cap_set_proc(3C),
     cap_to_text(3C), capability(4), dominance(5).