authbind, libcap problemy

iko iko na kamarad.cz
Úterý Duben 10 12:49:50 CEST 2001 

ahoj, 

mam up-to-date potato a libcap skompilovanu zo zdrojov v unstable 

mam problemy prinutit program beziaci pod normalnym pouzivatelom, aby 
bol schopny bindnut port 80. 

program je bash-skript, ktory vola dalsi perlovy skript, ktory zavola 
exac 

1. authbind 
- ------------ 

na volanie pouzivam: 
notes na disco:/var/local/lotus$ authbind --deep 
/usr/local/lotus/bin/server 

odmietne bindnut port 80 

vypis /etc/authbind: 
/etc/authbind/: 
celkom 12 
drwxr-xr-x    2 root     root         4096 jan  3  1999 byaddr 
drwxr-xr-x    2 root     root         4096 apr  6 12:25 byport 
drwxr-xr-x    2 root     root         4096 jan  3  1999 byuid 

/etc/authbind/byaddr: 
celkom 0 

/etc/authbind/byport: 
celkom 0 
- -rwx------    1 notes    notes           0 apr  6 12:25 110 
- -rwx------    1 notes    notes           0 apr  6 12:25 119 
- -rwx------    1 notes    notes           0 apr  6 12:25 143 
- -rwx------    1 notes    notes           0 apr  6 12:25 25 
- -rwx------    1 notes    notes           0 apr  6 12:25 389 
- -rwx------    1 notes    notes           0 apr  6 12:25 443 
- -rwx------    1 notes    notes           0 apr  6 12:25 465 
- -rwx------    1 notes    notes           0 apr  6 12:25 563 
- -rwx------    1 notes    notes           0 apr  6 12:25 636 
- -rwx------    1 notes    notes           0 apr  6 12:25 80 
- -rwx------    1 notes    notes           0 apr  6 12:25 993 
- -rwx------    1 notes    notes           0 apr  6 12:25 995 

/etc/authbind/byuid: 
celkom 0 

z dokumentacie vyplyva, ze do /etc/authbind/byport maju ist subory 
nazvane ako cisla portov a musia byt spustitelne danym uzivatelom, pod 
ktorym bezi proces, ktory si chce nabindovat dany port 

nefunguje :( 

2. execap a spol 
- ----------------- 

notes na disco:/var/local/lotus$ /sbin/execcap "cap_net_bind_service=all" 
/uar/local/lotus/bin/server 

requested capabilities were not recognized 
usage: execcap <caps> <command-path> [command-args...] 

  This program is a wrapper that can be used to limit the Inheritable 
  capabilities of a program to be executed.  Note, this wrapper is 
  intended to assist in overcoming a lack of support for filesystem 
  capability attributes and should be used to launch other files. 
  This program should _NOT_ be made setuid-0. 

[Copyright (c) 1998 Andrew G. Morgan <morgan na linux.kernel.org>] 

to je blbe, pretoze tato "capability" je definovana v 
/usr/src/linux/include/linux/capability.h, 
aj v tom, co si libcap nesie so sebou. dokonca som to nasiel aj cez 
strings v libcap.so 
nepomoze, ak odstranim uvodzovky a "=all" 

uz sa fakt citim ako blbec 

pomoze niekto? 
miro

Další informace o konferenci Linux