The libcap package was installed in LFS, but if Linux-PAM support is desired, the PAM module must be built (after installation of Linux-PAM).
This package is known to build and work properly using an LFS-9.1 platform.
Download (HTTP): https://www.kernel.org/pub/linux/libs/security/linux-privs/libcap2/libcap-2.31.tar.xz
Download MD5 sum: 52120c05dc797b01f5a7ae70f4335e96
Download size: 97 KB
Estimated disk space required: 1 MB
Estimated build time: less than 0.1 SBU
User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/libcap
If you are upgrading libcap from a previous version, use the instructions in the LFS libcap page to upgrade libcap. If the PAM module has been built, it will automatically be picked up.
Install libcap by running the following commands:
make -C pam_cap
This package does not come with a test suite.
Now, as the root user:
install -v -m755 pam_cap/pam_cap.so /lib/security &&
install -v -m644 pam_cap/capability.conf /etc/security
In order to allow Linux-PAM to grant privileges based on POSIX capabilities, you need to add the libcap module to the beginning of the /etc/pam.d/system-auth file. Make the required edits with the following commands:
mv -v /etc/pam.d/system-auth{,.bak} &&
cat > /etc/pam.d/system-auth << "EOF" &&
# Begin /etc/pam.d/system-auth
auth optional pam_cap.so
EOF
tail -n +3 /etc/pam.d/system-auth.bak >> /etc/pam.d/system-auth
Additionally, you'll need to modify the /etc/security/capability.conf file to grant necessary privileges to users, and utilize the setcap utility to set capabilities on specific utilities as needed. See man 8 setcap and man 3 cap_from_text for additional information.
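A sanity check for the two files edited above, as an added example that is not part of the BLFS instructions. It assumes capability.conf holds one "<capabilities> <users>" entry per line with "*" as the catch-all user; the function names and the user alice are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not part of the BLFS instructions; function names are hypothetical.

# Succeeds if the first non-comment, non-blank line of a PAM file is an
# "auth" entry that loads pam_cap.so (the layout the commands above produce).
pam_cap_is_first() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        {
            if ($1 == "auth")
                for (i = 2; i <= NF; i++)
                    if ($i == "pam_cap.so" || $i ~ /\/pam_cap\.so$/) ok = 1
            exit                               # only the first entry matters
        }
        END { exit (ok ? 0 : 1) }
    ' "$1"
}

# Prints one finding per line for a capability.conf-style file and returns
# non-zero if there are any:
#   WILDCARD <caps>  a "*" entry grants something other than "none"
#   NO_DEFAULT       the file has no "*" catch-all entry
audit_capability_conf() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        {
            for (i = 2; i <= NF; i++)
                if ($i == "*") {
                    seen = 1
                    if ($1 != "none") { print "WILDCARD " $1; bad = 1 }
                }
        }
        END {
            if (!seen) { print "NO_DEFAULT"; bad = 1 }
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample input: one user granted cap_net_raw, everyone else none.
demo=$(mktemp -d)
printf '%s\n' '# Begin /etc/pam.d/system-auth' 'auth optional pam_cap.so' \
    'auth required pam_unix.so' > "$demo/system-auth"
printf '%s\n' 'cap_net_raw  alice' 'none  *' > "$demo/capability.conf"
pam_cap_is_first "$demo/system-auth" && echo "pam_cap.so is the first auth entry"
audit_capability_conf "$demo/capability.conf" && echo "capability.conf: no findings"
rm -rf "$demo"
```

On a live system, point the two functions at /etc/pam.d/system-auth and /etc/security/capability.conf.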
Last updated on 2020-02-15 08:54:30 -0800