[Linux] Setting capabilities with the setcap/getcap commands
sysops
2018. 11. 28. 15:41
CAP_NET_BIND_SERVICE grants the right to bind to ports 1024 and below (privileged ports).
CentOS : yum install libcap pam-devel
-e : Effective, the capability is in effect
-p : Permitted, the capability is allowed
-i : Inheritable, whether the capability is inherited (across execve)
# setcap 'cap_net_bind_service=+ep' /usr/bin/nc (add the capability)
# getcap /usr/bin/nc
/usr/bin/nc = cap_net_bind_service+ep
# setcap -r /usr/bin/nc (remove the capability)
# getcap /usr/bin/nc
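
The getcap output shown above can also be audited in bulk. The following is an added example, not part of the original post: it reads getcap output (for instance from `getcap -r /`) and reports every file capability that is not on an allowlist. The allowlist, the function names and the sample lines are assumptions constructed for this example.

```sh
#!/bin/sh
# Added example (not from the original post): audit getcap output.
# ALLOWED_CAPS is an assumption: the file capabilities this host accepts.
ALLOWED_CAPS="cap_net_bind_service"

# Constructed sample lines in both getcap output styles.
sample_getcap_output() {
    cat <<'EOF'
/usr/bin/nc = cap_net_bind_service+ep
/usr/bin/ping cap_net_raw=ep
/usr/local/bin/tool = cap_net_bind_service,cap_dac_override+eip
/opt/app/helper =ep
EOF
}

# Read getcap output on stdin; print "path capability flags" for every
# file capability that is not on the allowlist.
audit_getcap() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        # Older libcap prints "path = caps+ep", newer prints "path caps=ep".
        # Paths containing spaces are not handled here.
        path=${line%% *}
        rest=${line#* }
        rest=${rest#= }
        for clause in $rest; do
            caps=${clause%%[+=]*}          # capability names before the operator
            flags=${clause#*[+=]}          # flag letters (e, i, p) after it
            [ -n "$caps" ] || caps="ALL"   # "=ep" alone means every capability
            for cap in $(printf '%s' "$caps" | tr ',' ' '); do
                case " $ALLOWED_CAPS " in
                    *" $cap "*) ;;         # allowlisted, nothing to report
                    *) printf '%s %s %s\n' "$path" "$cap" "$flags" ;;
                esac
            done
        done
    done
}

# Stand-alone run over the constructed sample.
sample_getcap_output | audit_getcap
```

On a real host, replace the last line with `getcap -r / 2>/dev/null | audit_getcap`.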
Granting capabilities per user with su
vi /etc/security/capability.conf
# allow user "test" to bind privileged ports
cap_net_bind_service test
References:
http://coffeenix.net/board_view.php?cata_code=0&bd_code=1716&bpage=&bd_search_type=text&bd_search=cap
https://ab.id.au/2009/08/posixcaps/