search for: execcap

...ood question. Since Linux-2.2.* has hit the streets, I'm guessing there may be wider interest in this sort of thing so I'm CC'ing my reply to linux-security. The capability stuff in the kernel provides a way to strip away all of the privilege that the superuser usually holds. Using the execcap program, you do indeed prevent the root-user from getting around the sticky bit... (This is what you observe happenning when, as 'root', you fail to delete the file in your home directory.) The reason root is still able to delete the /tmp/ file and not the /home/wini/ file is because root...

...ilities. Normally all capabilities are cleared when changing uid > from root. The sucap utility requires the CAP_SETPCAP capability. > The following example starts updated under uid updated and gid updated > with CAP_SYS_ADMIN raised in the Effective set. > > sucap updated updated execcap 'cap_sys_admin=eip' update > Or if your kernel has support of file capiblies create a version of wine with a little more permissions. setfcaps -c cap_net_raw=p -e /bin/ping There has been no reason to run wine on Linux as root since late 2.2 linux kernels and early 2.4 linux kernels....