Attila <vodoo0904@xxxxxxxxxxxxxxxx> wrote:
> At Donnerstag, 28. Januar 2010 10:22 Joerg Schilling wrote:
>
> I don't find the most of your sugestions in "man 7 capabilities".
>
> > file_dac_read Permission to open any device file
> = cap_dac_readsearch ??
Most likely CAP_DAC_OVERRIDE
> > sys_devices Permission to send anc SCSI command
> Nothing found.
Most likely at least CAP_SYS_RAWIO
I am nowever not sur whether this is sufficient.
> > proc_lock_memory Lock into memory
> = cap_ipc_lock
Looks correct.
> > proc_priocntl Increase priority
> Nothing found.
Most likely CAP_SYS_NICE
> > net_privaddr Allow ports < 1024, needed for RSCSI
> cap_net_bind_service
Looks correct.
> Is it really such a problem to stay with "chmod 4710"?
As long as there is no support code in Linux distros to set
capabilities without making the target program suid root anyway,
I see no other possibility than to stay with
chown root cdrecord cdda2wav readcd
chmod 4711 cdrecord cdda2wav readcd
Jörg
--
EMail:joerg@xxxxxxxxxxxxxxxxxxxxxxxxxxx (home) Jörg Schilling D-13353 Berlin
js@xxxxxxxxxxxxxxx (uni)
joerg.schilling@xxxxxxxxxxxxxxxxxxx (work) Blog: http://schily.blogspot.com/
URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily
