pkexec or sudo ?

  • This topic has 18 replies, 7 voices, and was last updated Jan 26-4:07 pm by Robin.
  • #61538
    Member
    mikey777

      Life changing final exams here, on top of months of home schooling due covid. School is no 1 Priority.

      Fingers crossed & very good luck with the final exams Moddit – here’s hoping they go well for you. When it’s all done you’ll be able to relax at the end of it, and enjoy a much deserved break over the summer vacation!

      ▪ 32-bit antix19.4-core+LXDE installed on :
      - (2011) Samsung NP-N145 Plus (JP04UK) – single-core CPU Intel Atom N455@1.66GHz, 2GB RAM, integrated graphics.
      ▪ 64-bit antix21-base+LXDE installed on:
      - (2008) Asus X71Q (7SC002) – dual CPU Intel T3200@2.0GHz, 4GB RAM. Graphics: Intel Mobile 4 Series, integrated graphics
      - (2007) Packard Bell Easynote MX37 (ALP-Ajax C3) – dual CPU Intel T2310@1.46GHz, 2GB RAM. Graphics: Silicon Integrated Systems.

      #61614
      Member
      Robin

        While reading this thread I wondered whether antiX makes use of “capabilities”. I came across this type of “privileges”, obviously meant to give permissions in a manner way more fine-grained than su or sudo, once I was researching for a reliable method to allow execution of “mount” command by normal user, while overhauling the unplugdrive script. But I couldn’t figure how this works. So, are these “capabilities” an additional way of managing by whom a command is allowed to be executed, like su, sudo, gksu or pkexec? And how to apply them practically for allowing the start of a specific command, e.g. on command line, or within a script? Does anybody happen to have looked into this already?

        P.S.: Best wishes for the exams, @ModdIt, and crossed fingers, also. Homeschooling is a heavy and time consuming task. @mikey777: It’s not him taking them.

        Windows is like a submarine. Open a window and serious problems will start.

        #61640
        Anonymous

          Robin, most of the antiX utilities are shell scripts, predominantly bash scripts
          and the install destination for nearly all of the antiX tools is /usr/local
          If you use grep to search each directory in your $PATH, especially /usr/local
          you can note that, no, none of ’em employ capsh
          grep -nr capsh /usr/local

          man capsh
          man capabilities
          man capability.conf
          man getcap
          man pam_cap

          firejail (python) pre-installed in antiX Full edition https://firejail.wordpress.com/documentation-2/linux-capabilities-guide/ does support assignment of custom capabilities (and namespaces) for jailed programs. Neither firejail nor any other pythonic app preinstalled in antiX utilizes the python-prctl module, and same (no pre-installed app utilizes) the analogous perl extension Linux::Prctl.

          If you skim read this linked page (don’t try to soak in ALL the details)
          https://unix.stackexchange.com/questions/364/allow-setuid-on-shell-scripts
          you’ll probably gain a sense of why so few authors of interpreted scripts bother to attempt wrangling capabilities.
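
Added example, not part of the post above and not antiX code: the kernel reports the capabilities a process holds as hex masks in /proc/<pid>/status, and this POSIX sh sketch decodes the effective mask into the names from capabilities(7), much as `capsh --decode` does. The function names and the sample status excerpt (including the process name) are constructed for illustration.

```sh
#!/bin/sh
# Capability names in bit order (bit 0 = chown ... bit 40 = checkpoint_restore),
# as listed in capabilities(7).
CAP_NAMES="chown dac_override dac_read_search fowner fsetid kill setgid setuid
setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock
ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot
sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control
setfcap mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon
bpf checkpoint_restore"

# decode_caps HEXMASK -> comma-separated capability names, or "none"
decode_caps() {
    mask=$((0x$1)) bit=0 out=""
    for name in $CAP_NAMES; do
        if [ $(( (mask >> bit) & 1 )) -eq 1 ]; then
            out="${out:+$out,}cap_$name"
        fi
        bit=$((bit + 1))
    done
    printf '%s\n' "${out:-none}"
}

# effective_caps: read a /proc/<pid>/status text on stdin, decode its CapEff line
effective_caps() {
    hex=$(sed -n 's/^CapEff:[[:space:]]*//p')
    [ -n "$hex" ] || { echo "no CapEff line found" >&2; return 1; }
    decode_caps "$hex"
}

# Constructed sample: excerpt for a process holding only CAP_SYS_ADMIN,
# the capability that mount(2) requires.
sample_status() {
cat <<'EOF'
Name:   mount-helper
CapInh: 0000000000000000
CapPrm: 0000000000200000
CapEff: 0000000000200000
CapBnd: 000001ffffffffff
EOF
}

printf 'sample process: '; sample_status | effective_caps
if [ -r /proc/self/status ]; then
    printf 'this shell:     '; effective_caps < /proc/self/status
fi
```

Run as a normal user, the second line normally prints "none"; run inside a script, it shows what that script's interpreter process really holds.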

          #76165
          Member
          Robin

            Many thanks @skidoo for your detailed instructions and links to this interesting theme, this was really great stuff to read. It was a great help while writing my scripts. Sorry for not answering that long, I had my head always buried under different tasks, so my answer got lost those days. What I understood was: There is a severe kernel bug which allows to foist a different script file content while handling the execution of interpretation. Which renders all efforts to increase script security from within an interpreted script useless in the end. But I also understood there is a known patch to help this, it simply never made its way into our kernels. What a pity.

            Windows is like a submarine. Open a window and serious problems will start.
