- capability(4)                                                    capability(4)
-
- NAME
- capability - user capability database
-
- DESCRIPTION
- The file /etc/capability describes the default capability set a user may
- have when logging onto the system, and the maximum capability set a user
- may have when logging onto the system or using the su(1M) command. There
- is one entry for each user. Each entry is separated from the next by a
- newline. Each field within each entry is separated by a colon. An entry
- beginning with # is ignored.
-
- The capability file contains the following information for each user:
-
- name User's login name. This must exactly match the corresponding
- entry in /etc/passwd.
-
- default capability set
- The default capability set a user gets when logging onto the
- system. This consists of a capability set in a form acceptable
- to cap_from_text(3C).
-
- maximum capability set
- The maximum capability set a user may specify when logging onto
- the system, or when using su(1M). This field has the same form
- as the default field. This field should be a superset of the
- default field.
-
- EXAMPLE
- Here is a sample /etc/capability file:
-
- root:all+eip:all+eip
- sysadm:all=:all=
- cmwlogin:all+eip:all+eip
- diag:all=:all=
- daemon:all=:all=
- bin:all=:all=
- uucp:all=:all=
- sys:all=:all=
- adm:all=:all=
- lp:all=:all=
- nuucp:all=:all=
- auditor:CAP_AUDIT_WRITE,CAP_AUDIT_CONTROL,CAP_KILL+eip:CAP_AUDIT_WRITE,CAP_AUDIT_CONTROL,CAP_KILL+eip
- dbadmin:all=:all=
- xserver:all=:all=
- demos:all=:all=
- tutor:all=:all=
- guest:all=:all=
- jenny:all=:CAP_DAC_READ_SEARCH+eip
-
- In this example, there are specific entries for users root and auditor,
- to ensure that they have non-empty capability sets when logging in, and
- that they can acquire all the capabilities they need when necessary.
- There is also a specific entry for user jenny, who has an empty
- capability set by default, but can request the CAP_DAC_READ_SEARCH
- capability when necessary.
-
- FILES
- /etc/capability
-
- SEE ALSO
- cap_from_text(3C), chcap(1), login(1), passwd(1), su(1M).
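
The following audit script is an added example, not part of the original manual page or of IRIX. It checks a capability file against the rules in DESCRIPTION: three colon-separated fields, one entry per user, and a maximum set that is a superset of the default set. It assumes each set is a single clause of the form shown in the sample file (a name list or "all", then = or +, then any of the flags e, i, p), which is narrower than what cap_from_text(3C) may accept; the users ops, web and broken are constructed.

```python
import re

ALL = "all"  # sentinel for "every capability", so no system capability list is needed
# Assumption: one clause of the form <names><op><flags>, as in the page's sample file.
CLAUSE = re.compile(r"^(\w+(?:,\w+)*)([=+])([eip]*)$")

def parse_capset(text):
    """Map each flag (e, i, p) to ALL or a frozenset of capability names."""
    m = CLAUSE.match(text.strip())
    if not m:
        raise ValueError(f"unsupported capability text: {text!r}")
    names, _op, flags = m.groups()
    caps = ALL if names == "all" else frozenset(names.split(","))
    return {f: caps if f in flags else frozenset() for f in "eip"}

def covers(maximum, default):
    """True when, for every flag, the default set is contained in the maximum set."""
    for f in "eip":
        d, m = default[f], maximum[f]
        if m != ALL and (d == ALL or not d <= m):
            return False
    return True

def audit(text):
    """Return (line number, user, problem) tuples for entries that break the rules."""
    findings, seen = [], set()
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):  # skipping blank lines is an assumption
            continue
        fields = line.split(":")
        if len(fields) != 3:
            findings.append((n, fields[0], "expected name:default:maximum"))
            continue
        user, default, maximum = fields
        if user in seen:
            findings.append((n, user, "duplicate entry"))
        seen.add(user)
        try:
            if not covers(parse_capset(maximum), parse_capset(default)):
                findings.append((n, user, "maximum is not a superset of default"))
        except ValueError as exc:
            findings.append((n, user, str(exc)))
    return findings

# Constructed sample: root, guest and the first jenny line follow the page; the rest are made up.
SAMPLE = """# constructed sample
root:all+eip:all+eip
guest:all=:all=
jenny:all=:CAP_DAC_READ_SEARCH+eip
ops:CAP_KILL+eip:CAP_KILL+ip
web:all+eip:CAP_KILL+eip
jenny:all=:all=
broken:all=
"""
```

Calling audit(SAMPLE) reports the ops and web entries (default exceeds maximum), the second jenny line (duplicate) and the two-field broken line.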