I was curious if there was a capabilities module which would allow me to
set pam to give users logging in a particular set of capabilities. I read
a bit of a capabilities overview document and it looks as if this could be
done by giving the appropriate inheritable permissions to whatever process
is spawning off the users shell? (im new to this so i dont know exactly
how it'd work).

Also would it be possible to somehow set the capability set of services
that start up? (apache, or bind, etc?) [I dont see how this fits in with
authentication, anywhere else in pam tho?]

On an unrelated note, does anyone out there know if its possible to log
file access attempts? (open as read only, read write, delete) I would
assume that this would come in the form of a kernel patch. I was thinking
that one of the ext2 extended attributes could be set to +[some letter
denoting audit] to enable auditing of accesses on a file? (I know this
would be someting to post to linux-kernel list, but, I figured I'd suggest
it here first)

Thanks,
Mathew Johnston

_______________________________________________
Pam-list mailing list
Pam-listredhat.com
https://listman.redhat.com/mailman/listinfo/pam-list

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]