[Fed-Talk] Linux Capabilities, OSX equivalent?
- Subject: [Fed-Talk] Linux Capabilities, OSX equivalent?
- From: Brian Raymond <email@hidden>
- Date: Sun, 21 May 2006 21:35:12 -0400
- Thread-topic: Linux Capabilities, OSX equivalent?

This is a fairly in-depth technical question I wouldn't normally float on
the Fed-Talk list, but since this is for a government customer and it
provides a chance to bring this topic up, I thought it was appropriate.

I have a strong Linux/BSD background, so I generally find myself knowing how
to do something in Linux and Free/OpenBSD; however, I can't always find a
mapping for OSX. In this case I want to grant an unprivileged user the
ability to bind to reserved ports (< 1024) on OSX. It's somewhat limited, but
in Linux I can grant the capability "CAP_NET_BIND_SERVICE" to allow a
process to bind to a reserved port without it being (set)uid 0. Does anyone
by chance know how you would accomplish that with OSX?

The more general question is: how do I add or remove fine-grained
capabilities to users and/or processes in OSX in the standard DAC security
model? I'm differentiating the standard DAC security model from any more
robust MAC implementations coming down the pipe that someone might mention,
mainly because I generally would still need to provide access using DAC,
since all solutions I'm aware of are layered.

Thanks.

- Brian

(Since I'm on the topic, one of the other things that FreeBSD and Linux
handle well is layer 2 bridging for Ethernet interfaces. I looked a little a
couple of months ago but couldn't find how to manage it in OSX aside from
simple connection sharing.)