Greetings,

I have a bookworm installation where I want to allow a group of users to run a specific binary that needs to execute an ioctl which is not possible for normal users. In comes pam+libcap.

So I've installed libcap, updated /etc/security/capability.conf with this line:

    cap_net_admin @igor

Then I've moved the bin I've created to /usr/local/bin and defined this in /etc/pam.d:

    $ cat /etc/pam.d/test1
    auth optional pam_cap.so

Now I'm trying to run test1 as user igor, which is in the relevant group:

    $ id igor
    uid=1000(igor) gid=1000(igor) groups=1000(igor),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),100(users),106(netdev)

When I run it, I get this error:

    $ test1
    Unable to create tap device: Operation not permitted

What am I doing wrong?

Thanks
Dagg