On 2013-12-10, Grant Edwards <grant.b.edwa...@gmail.com> wrote: > How do you grant a capability (e.g. CAP_NET_RAW) to a user?
After more googling, I found this page which describes exactly what I'm trying to do: https://github.com/constanze/GSoC2010_Gentoo_Capabilities/wiki/pam_cap-on-gentoo Except it doesn't work: after modifying /etc/pam.d/system-auth and /etc/security/capability.conf as indicated and logging out/in, pscap shows no cap_net_raw for the user in question, and trying to run programs that use RAW sockets fail: socket: Operation not permitted Error opening socket: Operation not permitted I'm apparently missing something... -- Grant Edwards grant.b.edwards Yow! Sign my PETITION. at gmail.com
