From: Bill Davidsen <davidsen@tmr.com>
To: root@chaos.analogic.com
Cc: "Laughlin, Joseph V" <Joseph.V.Laughlin@boeing.com>,
linux-kernel@vger.kernel.org
Subject: Re: Modifying kernel so that non-root users have some root capabilities
Date: Tue, 25 May 2004 14:14:03 -0400 [thread overview]
Message-ID: <40B38CEB.6000807@tmr.com> (raw)
In-Reply-To: <Pine.LNX.4.53.0405250724490.2512@chaos>
Richard B. Johnson wrote:
> On Mon, 24 May 2004, Laughlin, Joseph V wrote:
>
>
>>(not sure if this is a duplicate or not.. Apologies in advance.)
>>
>>I've been tasked with modifying a 2.4 kernel so that a non-root user can
>>do the following:
>>
>>Dynamically change the priorities of processes (up and down)
>>Lock processes in memory
>>Can change process cpu affinity
>>
>>Anyone got any ideas about how I could start doing this? (I'm new to
>>kernel development, btw.)
>>
>>Thanks,
>
>
> You don't modify an operating system to do that!! You just make
> a priviliged program (setuid) that does the things you want.
Dick, it's called capabilities, and people have already modified the
operating system to do that, it just doesn't work quite as intended in
some cases. Setuid is the keys to the kingdom, you really don't want to
use setuid root unless there's no other way.
Remember when everything used to take the BKL? Then people saw a better
way. Capabilities is the same kind of progression, save the big hammer
for the big nail.
--
-bill davidsen (davidsen@tmr.com)
"The secret to procrastination is to put things off until the
last possible moment - but no longer" -me
next prev parent reply other threads:[~2004-05-25 18:15 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-05-24 22:21 Modifying kernel so that non-root users have some root capabilities Laughlin, Joseph V
2004-05-24 23:24 ` Steve Youngs
2004-05-24 23:29 ` Neale Banks
2004-05-25 11:28 ` Richard B. Johnson
2004-05-25 18:14 ` Bill Davidsen [this message]
2004-05-25 14:57 ` David T Hollis
-- strict thread matches above, loose matches on Subject: below --
2004-05-24 23:41 Laughlin, Joseph V
2004-05-24 23:49 ` Chris Wright
[not found] <fa.nbdv424.kmij3i@ifi.uio.no>
2004-05-24 23:43 ` Andy Lutomirski
2004-05-25 19:06 Laughlin, Joseph V
2004-05-25 21:15 ` Bill Davidsen
2004-05-25 23:43 Roger Larsson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=40B38CEB.6000807@tmr.com \
--to=davidsen@tmr.com \
--cc=Joseph.V.Laughlin@boeing.com \
--cc=linux-kernel@vger.kernel.org \
--cc=root@chaos.analogic.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox