hilfe mein git ist komisch
This commit is contained in:
cutemeli
60
etc/security/capability.conf
Normal file
60
etc/security/capability.conf
Normal file
@@ -0,0 +1,60 @@
|
||||
#
|
||||
# /etc/security/capability.conf
|
||||
#
|
||||
# this is a sample capability file (to be used in conjunction with
|
||||
# the pam_cap.so module)
|
||||
#
|
||||
# In order to use this module, it must have been linked with libcap
|
||||
# and thus you'll know about Linux's capability support.
|
||||
# [If you don't know about libcap, read more about it here:
|
||||
#
|
||||
# https://sites.google.com/site/fullycapable/
|
||||
#
|
||||
# There is a page devoted to pam_cap.so here:
|
||||
#
|
||||
# https://sites.google.com/site/fullycapable/pam_cap-so
|
||||
#
|
||||
# .]
|
||||
#
|
||||
# Here are some sample lines (remove the preceding '#' if you want to
|
||||
# use them.
|
||||
#
|
||||
# The pam_cap.so module accepts the following arguments:
|
||||
#
|
||||
# debug - be more verbose logging things (unused by pam_cap for now)
|
||||
# config=<file> - override the default config for the module with file
|
||||
# keepcaps - workaround for applications that setuid without this
|
||||
# autoauth - if you want pam_cap.so to always succeed for the auth phase
|
||||
# default=<iab> - provide a fallback IAB value if there is no '*' rule
|
||||
|
||||
## user 'morgan' gets the CAP_SETFCAP inheritable capability (commented out!)
|
||||
#cap_setfcap morgan
|
||||
|
||||
## user 'luser' inherits the CAP_DAC_OVERRIDE capability (commented out!)
|
||||
#cap_dac_override luser
|
||||
|
||||
## 'everyone else' gets no inheritable capabilities (restrictive config)
|
||||
none *
|
||||
|
||||
## if there is no '*' entry, and no "default=<iab>" pam_cap.so module
|
||||
## argument to fallback on, all users not explicitly mentioned will
|
||||
## get all currently available inheritable capabilities. This is a
|
||||
## permissive default, and possibly not what you want... On first
|
||||
## reading, you might think this is a security problem waiting to
|
||||
## happen, but it defaults to not being so in this sample file!
|
||||
## Further, by 'get', we mean 'get in their IAB sets'. That is, if you
|
||||
## look at a random process, even one run by root, you will see it has
|
||||
## no IAB capabilities (by default):
|
||||
##
|
||||
## $ /sbin/capsh --decode=$(grep CapInh /proc/1/status|awk '{print $2}')
|
||||
## 0000000000000000=
|
||||
##
|
||||
## The pam_cap module simply alters the value of the inheritable
|
||||
## capability vactors (IAB). Including the 'none *' forces use of this
|
||||
## module with an unspecified user to have their inheritable set
|
||||
## forced to zero.
|
||||
##
|
||||
## Omitting the line will cause the inheritable set to be unmodified
|
||||
## from what the parent process had (which is generally 0 unless the
|
||||
## invoking user was bestowed with some inheritable capabilities by a
|
||||
## previous invocation).
|
||||
Reference in New Issue
Block a user