Codex

CAPABILITY.CONF

Section: Linux-PAM Manual (5)

Updated: 09/23/2011



NAME

capability.conf - configuration file for the pam_cap module

DESCRIPTION

Each line of the file consists of two fields; the fields define:

<capability-list>

One or more comma-separated capabilities, specified as either the textual capability name, or numeric capability value. Text name(s) and numeric value(s) may be intermixed.

The special capability name all may be used to enable all capabilities known to the local system.

The special capability name none may be used to disable all current inheritable capabilities.

NOTE
No whitespace is permitted between the values. The names all and none may not be combined with any other capabilities.

<username>

One or more whitespace-separated usernames, or the wildcard *.
NOTE
The first matching entry is used. Thus, only a single matching username entry, and/or a single wildcard entry, may be used. A matching username entry must precede the wildcard entry in order to be effective.

IMPORTANT: <capability-list> replaces the current process' inherited capabilities; i.e. there is no provision for adding/subtracting from the current set. In most environments, the inheritable set of the process performing user authentication is 0 (empty).

If any capability name or numeric value is invalid/unknown to the local system, the capabilities will be rejected, and the inheritable set will not be modified.
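
The rules above (first match wins, the list replaces the inheritable set, an invalid list leaves the set unmodified) can be modelled in a short Python sketch. This is an added example, not pam_cap's own code; the function names, the sample entries, the capability subset, and the handling of '#' lines and of users with no matching entry are assumptions made for illustration.

```python
# Model of the rules described above; not pam_cap's own code.
# Subset of the capability table (name -> number, as in linux/capability.h).
KNOWN_CAPS = {"cap_chown": 0, "cap_net_admin": 12, "cap_net_raw": 13,
              "cap_sys_ptrace": 19, "cap_sys_admin": 21}
ALL = frozenset(KNOWN_CAPS.values())

# Constructed sample file contents.
SAMPLE = """\
# '#' comment lines are an assumption of this sketch
cap_sys_ptrace        developer
cap_net_admin,13      jrnetadmin netops
all,cap_chown         broken
cap_sys_admin         developer
none                  *
"""


def parse_cap_list(field):
    """Return the capability numbers in <capability-list>, or None if invalid."""
    items = field.split(",")
    if items in (["all"], ["none"]):          # special names must stand alone
        return ALL if items == ["all"] else frozenset()
    caps = set()
    for item in items:
        if item.isdecimal() and int(item) in ALL:
            caps.add(int(item))
        elif item in KNOWN_CAPS:
            caps.add(KNOWN_CAPS[item])
        else:                                  # unknown, empty, or mixed all/none
            return None
    return frozenset(caps)


def inheritable_for(user, conf_text, current=frozenset()):
    """Inheritable set after applying the first entry that matches `user`."""
    for line in conf_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue                           # not an entry (assumption)
        if user in fields[1:] or "*" in fields[1:]:
            caps = parse_cap_list(fields[0])
            # First match wins; the list replaces the set, and an invalid
            # list leaves the set unmodified.
            return current if caps is None else caps
    return current                             # no match: unchanged (assumption)


if __name__ == "__main__":
    for name in ("developer", "netops", "broken", "guest"):
        print(name, sorted(inheritable_for(name, SAMPLE)))
```

In the sample, the second developer line is never reached, and the final wildcard entry clears the inheritable set for every user not named earlier.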

EXAMPLES

These are some example lines which might be specified in /etc/security/capability.conf.

SEE ALSO

pam_cap(8), (5), pam(7), capabilities(7)

AUTHOR

pam_cap was initially written by Andrew G. Morgan <[email protected]>

