Rationale:
Enable a per-user (group) Linux capabilities(7)-like feature in the sudoers file. While tools like setcap exist, they do not offer the same ease of use and integration with sudo's centralized access control model. The sudoers configuration allows for granular command control but currently lacks the ability to specify capability categories besides NOEXEC.
Proposed Feature
Extend sudoers syntax to allow specifying capabilities for commands. These commands should be carefully designed to remain compatible with other platforms and older Linux kernel versions.
Some initial considerations for possible commands:
(NO)NETCTL: controls administration of the IP firewall, modifying routing tables, raw sockets, and binding a socket to Internet domain privileged ports.
(NO)RAWIO: Performing raw IO to various devices.
I'm pretty unsure whether it is feasible to provide such features under different platforms and maintain high compatibility.