The libcap package was installed in LFS, but if Linux-PAM support is desired, the PAM module must be built (after installation of Linux-PAM).
This package is known to build and work properly using an LFS 12.4 platform.
Download (HTTP): https://www.kernel.org/pub/linux/libs/security/linux-privs/libcap2/libcap-2.77.tar.xz
Download SHA256 Sum: 897bc18b44afc26c70e78cead3dbb31e154acc24bee085a5a09079a88dbf6f52
Download MD5 sum: 58048c92f90ef8513c17fb9c24c2c1bd
Download size: 196 KB
Estimated disk space required: 2.3 MB
Estimated build time: less than 0.1 SBU
Note
If you are upgrading libcap from a previous version, use the instructions in the section called “Libcap-2.77” to upgrade libcap. If Linux-PAM-1.7.1 has been built, the PAM module will automatically be built too.
Install libcap by running the following commands:
make -C pam_cap
This package does not come with a test suite.
Now install, as the root user:
install -v -m755 pam_cap/pam_cap.so /usr/lib/security &&
install -v -m644 pam_cap/capability.conf /etc/security
In order to allow Linux-PAM to grant privileges based on POSIX capabilities, you need to add the libcap module to the beginning of the /etc/pam.d/system-auth file.
Make the required edits with the following commands:
mv -v /etc/pam.d/system-auth{,.bak}
cat > /etc/pam.d/system-auth << "EOF"
# Begin /etc/pam.d/system-auth
auth optional pam_cap.so
EOF
tail -n +3 /etc/pam.d/system-auth.bak >> /etc/pam.d/system-auth
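The edit above relies on tail -n +3 skipping exactly the header comment and one blank line of the old file. The following check is an added example, not part of the BLFS instructions: it confirms that pam_cap.so is the first active entry and lists any rule the edit dropped. The function names are hypothetical and the two PAM stacks written by demo are constructed samples.

```shell
#!/bin/sh
# Added example: sanity checks for the system-auth edit. Function names are
# hypothetical; the files written by demo() are constructed samples.

# Print active PAM lines: comments and blank lines dropped, whitespace collapsed.
active_lines() {
    sed -e 's/#.*//' -e 's/[[:space:]][[:space:]]*/ /g' \
        -e 's/^ //' -e 's/ $//' -e '/^$/d' "$1"
}

# Succeed if the first active line of $1 is an auth entry for pam_cap.so.
pam_cap_is_first() {
    case $(active_lines "$1" | sed -n 1p) in
        "auth "*" pam_cap.so" | "auth "*" pam_cap.so "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print each active line of backup $1 that is absent from new file $2.
# "tail -n +3" drops the backup's first two lines, so any rule placed
# there (instead of the header comment and a blank line) is lost.
lost_rules() {
    new=$(active_lines "$2")
    active_lines "$1" | while IFS= read -r rule; do
        printf '%s\n' "$new" | grep -Fqx -- "$rule" || printf '%s\n' "$rule"
    done
}

# The page's edit, applied to file $1 instead of /etc/pam.d/system-auth.
apply_edit() {
    mv "$1" "$1.bak"
    printf '%s\n' '# Begin /etc/pam.d/system-auth' 'auth optional pam_cap.so' > "$1"
    tail -n +3 "$1.bak" >> "$1"
}

# Build two constructed stacks in directory $1 and apply the edit to both.
demo() {
    printf '%s\n' '# Begin /etc/pam.d/system-auth' '' \
        'auth      required    pam_unix.so' '' \
        '# End /etc/pam.d/system-auth' > "$1/stock"
    printf '%s\n' '# Begin /etc/pam.d/system-auth' \
        'auth required pam_faillock.so preauth' \
        'auth required pam_unix.so' > "$1/custom"
    apply_edit "$1/stock"
    apply_edit "$1/custom"
}
```

After the real edit, lost_rules can be given /etc/pam.d/system-auth.bak and /etc/pam.d/system-auth; empty output means no rule from the old stack was dropped.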
Additionally, you'll need to modify the /etc/security/capability.conf file to grant necessary privileges to users, and utilize the setcap utility to set capabilities on specific utilities as needed. See man 8 setcap and man 3 cap_from_text for additional information.