From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 8457A1386B7 for ; Sat, 26 Jan 2013 17:02:26 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id B8B6821C030; Sat, 26 Jan 2013 17:02:17 +0000 (UTC) Received: from mail-bk0-f44.google.com (mail-bk0-f44.google.com [209.85.214.44]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id D1AD221C037 for ; Sat, 26 Jan 2013 17:02:15 +0000 (UTC) Received: by mail-bk0-f44.google.com with SMTP id j4so721892bkw.17 for ; Sat, 26 Jan 2013 09:02:14 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:message-id:date:from:user-agent:mime-version:to:subject :references:in-reply-to:x-enigmail-version:content-type :content-transfer-encoding:x-gm-message-state; bh=4E1iepilIi9hpiLrzGN9hO6hvcj3F91DiGtUZqaz/zg=; b=BrW7mVZxaX6RwjW4Dqxb9pNKTxUTLYJybP/ou8K000S3CmMKplX99cWVle2sY7ms/U K45Sn6fIqVlzpisXXrxocwOKSCitpl1rkkeC3HecYHR/jsQqFhZfvJ46yqu2BTvSLrRk riP3MDwH0uZT0jDWbZv+YSLEpwJul9YsG6paHpKSfmcujx/4DjkgeDTQFjHAHIWgeYPe RQcc1eMUxbo7VOZOJ2G8v184nDmbh6NfXcc1EHKXlzKNCgyU3yx+41eo3v8upS8+h2Km 25pALF/wI5e0XeEbyIKmV5rqfAMJZEiCIFEmuMBl/pqCmMMfqHBWwal/XTI2vyhPuqqw TsnQ== X-Received: by 10.204.4.145 with SMTP id 17mr2776868bkr.34.1359219734120; Sat, 26 Jan 2013 09:02:14 -0800 (PST) Received: from saladin.home.flameeyes.eu ([151.95.33.51]) by mx.google.com with ESMTPS id fs20sm687138bkc.8.2013.01.26.09.02.12 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sat, 26 Jan 2013 09:02:12 -0800 (PST) Message-ID: <51040C10.6050407@flameeyes.eu> Date: Sat, 26 Jan 2013 18:02:08 +0100 From: =?UTF-8?B?RGllZ28gRWxpbyBQZXR0ZW7Dsg==?= User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130113 Thunderbird/17.0.2 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] fcaps.eclass: bringing filesystem capabilities to the tree References: <201301251851.45021.vapier@gentoo.org> <1359159053.32487.4.camel@kanae> <201301260246.12861.vapier@gentoo.org> <5103FDC9.7040603@flameeyes.eu> In-Reply-To: X-Enigmail-Version: 1.5 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Gm-Message-State: ALoCoQkpFbMel/EWK9mNA6/KFsC0A3DWiWKc8tTxfnrNgjpn5Tc8zdxffxC5GMHpZedzwv/O5yz6 X-Archives-Salt: e999d8a4-6f6a-4db9-975b-e971e450b7c2 X-Archives-Hash: b154e6bd38f9a7aa4a6c17c390b1d3b2 On 26/01/2013 17:13, Rich Freeman wrote: > I naively assumed that if you edit /etc/security/capability.conf this > would set the per-user capabilities. However, I have not actually > tried this. I guess our pam configuration/etc isn't set to check this > file? pambase is not enabling pam_caps, so the file is ignored, at least for what I last knew. pambase needs to be restructured, but as I said before it's a task that for me is a PITA as I don't really use much about it, and it takes a lot of time and work to set up properly. I've been open for a while to be hired by somebody who has needs for a more precise PAM configuration in Gentoo, but no dice there. -- Diego Elio Pettenò — Flameeyes flameeyes@flameeyes.eu — http://blog.flameeyes.eu/