The libcap package was installed in LFS, but if Linux-PAM support is desired, the PAM module must be built (after installation of Linux-PAM).
This package is known to build and work properly using an LFS-9.0 platform.
Download (HTTP): https://www.kernel.org/pub/linux/libs/security/linux-privs/libcap2/libcap-2.27.tar.xz
Download MD5 sum: 2e8f9fab32eb5ccb37969fe317fd17aa
Download size: 68 KB
Estimated disk space required: 620 KB
Estimated build time: less than 0.1 SBU
User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/libcap
Install libcap by running the following commands:
make -C pam_cap
This package does not come with a test suite.
Now, as the root user:
install -v -m755 pam_cap/pam_cap.so /lib/security && install -v -m644 pam_cap/capability.conf /etc/security
In order to allow Linux-PAM to grant privileges based on POSIX capabilities, you need to add the libcap module to the beginning of the /etc/pam.d/system-auth file. Make the required edits with the following commands:
mv -v /etc/pam.d/system-auth{,.bak} &&
cat > /etc/pam.d/system-auth << "EOF" &&
# Begin /etc/pam.d/system-auth
auth optional pam_cap.so
EOF
tail -n +3 /etc/pam.d/system-auth.bak >> /etc/pam.d/system-auth
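The tail -n +3 command above discards the first two lines of the backup, so it is worth confirming that those lines hold no PAM directives and that pam_cap.so ends up as the first auth entry. The script below is an added example, not part of the BLFS instructions: the function names, the temporary directory and the sample system-auth contents are constructed for illustration, and it works only on copies.

```shell
#!/bin/sh
# Added example: checks for the system-auth edit, run against copies.

# Succeeds if the first two lines of the backup are blank or comments,
# i.e. "tail -n +3" will not drop a PAM directive.
backup_header_is_safe() {
    ! head -n 2 "$1" | grep -Eqv '^[[:space:]]*(#.*)?$'
}

# Succeeds if the first auth entry in the PAM file loads pam_cap.so.
pam_cap_is_first() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blanks
        $1 == "auth" || $1 == "-auth" {
            found = ($0 ~ "(^|[ \t/])pam_cap[.]so([ \t]|$)")
            exit
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Constructed sample: a minimal system-auth with the two-line header
# (comment plus blank line) that the tail command expects.
demo_dir=$(mktemp -d)
printf '%s\n' '# Begin /etc/pam.d/system-auth' '' \
    'auth      required    pam_unix.so' '' \
    '# End /etc/pam.d/system-auth' > "$demo_dir/system-auth.bak"

# Same steps as the page, pointed at the temporary copy.
if backup_header_is_safe "$demo_dir/system-auth.bak"; then
    cat > "$demo_dir/system-auth" << "EOF"
# Begin /etc/pam.d/system-auth
auth      optional    pam_cap.so
EOF
    tail -n +3 "$demo_dir/system-auth.bak" >> "$demo_dir/system-auth"
fi

if pam_cap_is_first "$demo_dir/system-auth"; then
    echo "pam_cap.so is the first auth entry"
else
    echo "pam_cap.so is NOT first; review the file" >&2
fi
```

To check a real system, pass /etc/pam.d/system-auth.bak and /etc/pam.d/system-auth to the two functions instead of the temporary copies.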
Additionally, you'll need to modify the /etc/security/capability.conf file to grant necessary privileges to users, and utilize the setcap utility to set capabilities on specific utilities as needed. See man 8 setcap and man 3 cap_from_text for additional information.
Last updated on 2019-08-17 15:49:15 -0700