ons 2010-12-22 klockan 00:59 +0100 skrev Miloslav Trmač: > This is possible, but it would be a much larger change to the system. > To take a particular example, look at /etc/shadow. > > It needs to be protected against attackers, so it should not be owned by > root - let's make it owned by "adm", say.
Imho in that specific case it should be protected by two group acls. One group for writing/modifying, another for reading. No need for capabilities at all, just setgroupid and file acls. shadow have no special significance to kernel functions. Regards Henrik -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
