Subversion Repositories svn LFS-FR

Compare Revisions

Ignore whitespace Rev 1404 → Rev 1405

/trunk/hlfs/chapter06/inetutils.xml
130,8 → 130,10
 
<para>Utilisez les possibilités Linux Capabilities plutôt que suid&nbsp;:</para>
 
<screen><userinput remap="install">setcap cap_net_raw=ep /bin/ping
setcap cap_net_raw=ep /bin/ping6</userinput></screen>
<screen><userinput remap="install">chmod -v -s /bin/ping
setcap -v cap_net_raw=ep /bin/ping
chmod -v -s /bin/ping6
setcap -v cap_net_raw=ep /bin/ping6</userinput></screen>
 
</sect2>
 
/trunk/hlfs/chapter06/shadow.xml
104,24 → 104,26
 
<screen><userinput remap="install">mv -v /usr/bin/passwd /bin</userinput></screen>
 
<!--
<para>Utilisez les possibilités Linux Capabilities plutôt que suid&nbsp;:</para>
<screen><userinput remap="install">chmod -v -s /usr/bin/chage
setcap CAP_DAC_READ_SEARCH=ep /usr/bin/chage
setcap -v CAP_DAC_READ_SEARCH=ep /usr/bin/chage
chmod -v -s /usr/bin/chsh
setcap CAP_CHOWN,CAP_SETUID=ep /usr/bin/chsh
setcap -v CAP_CHOWN,CAP_SETUID=ep /usr/bin/chsh
chmod -v -s /usr/bin/newgrp
setcap CAP_DAC_READ_SEARCH,CAP_SETGID=ep /usr/bin/newgrp
setcap -v CAP_DAC_READ_SEARCH,CAP_SETGID=ep /usr/bin/newgrp
chmod -v -s /usr/bin/chfn
setcap CAP_CHOWN,CAP_DAC_READ_SEARCH,CAP_SETUID=ep /usr/bin/chfn
setcap -v CAP_CHOWN,CAP_DAC_READ_SEARCH,CAP_SETUID=ep /usr/bin/chfn
chmod -v -s /usr/bin/gpasswd
setcap CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_SETUID=ep /usr/bin/gpasswd
setcap -v CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_SETUID=ep /usr/bin/gpasswd
chmod -v -s /usr/bin/expiry
setcap CAP_DAC_READ_SEARCH=ep /usr/bin/expiry
setcap -v CAP_DAC_READ_SEARCH=ep /usr/bin/expiry
chmod -v -s /bin/su
setcap CAP_DAC_READ_SEARCH,CAP_SETUID,CAP_SETGID=ep /bin/su
setcap -v CAP_DAC_READ_SEARCH,CAP_SETUID,CAP_SETGID=ep /bin/su
chmod -v -s /bin/passwd
setcap CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_SETUID=ep /bin/passwd</userinput></screen>
setcap -v CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_SETUID=ep /bin/passwd</userinput></screen>
-->
 
<!-- <para>Déplacez les bibliothèques de Shadow dans des emplacements
plus appropriés&nbsp;:</para>
/trunk/hlfs/chapter06/util-linux-ng.xml
97,15 → 97,16
 
<screen><userinput>make install</userinput></screen>
 
<!--
<para>Utilisez les possibilités Linux Capabilities plutôt que suid (FIXME:
wall and write are suid too)&nbsp;:</para>
 
<screen><userinput remap="install">chmod -v -s /bin/mount
setcap CAP_SYS_ADMIN=ep /bin/mount
setcap -v CAP_SYS_ADMIN=ep /bin/mount
chmod -v -s /bin/umount
setcap CAP_SYS_ADMIN=ep /bin/umount
setcap -v CAP_SYS_ADMIN=ep /bin/umount
</userinput></screen>
 
-->
</sect2>
 
<sect2 id="contents-utillinux" role="content">