Wed 2010-12-22 at 00:59 +0100, Miloslav Trmač wrote:

> This is possible, but it would be a much larger change to the system.
> To take a particular example, look at /etc/shadow.
> 
> It needs to be protected against attackers, so it should not be owned by
> root - let's make it owned by "adm", say.

IMHO in that specific case it should be protected by two group ACLs. One
group for writing/modifying, another for reading.

No need for capabilities at all, just setgroupid and file ACLs. shadow
has no special significance to kernel functions.

Regards
Henrik

-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
