On Sat, Feb 06, 2010 at 12:04:07 +0100, Zbyniu Krzystolik wrote:

>> Anyone knows if it is or is going to be possible in rpm to store xattrs?
>
> Not possible now.

And how about The Other RPM? This is a must-be feature and sooner or later we must get rid of the broken-by-design SUID/SGID...

> My note may be interesting for you (pl); libcap-ng utils can simplify it.
> http://zz.iapt.pl/bez_root2.txt

That's similar to the thing I want to do. The difference is you drop capabilities, and I want to set some for regular users (either designated - for daemons having their own files and secrets, or nobody for anything else, using start-stop-daemon --chuid). Like this:

    setcap cap_net_bind_service=ei =nc
    execcap cap_net_bind_service=i su - gotar -c 'nc -l -p 34'

but this obviously requires tagging binaries. The problem is tracking all the xattrs (caps and ACLs). Especially if I need to restrict some accounts (i.e. give some permissions to normal accounts) more than hardening daemons...

-- 
Tomasz Pala <go...@pld-linux.org>
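Added example (not part of the original message and not rpm or PLD code): one way to track the capability and ACL xattrs mentioned above is to walk a tree and decode each file's security.capability value (struct vfs_cap_data from linux/capability.h). The function names, the partial capability name table and the sample bytes are assumptions made for this sketch.

```python
import os
import struct

# Constants from linux/capability.h
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
# Revision -> number of 32-bit (permitted, inheritable) pairs.
# Revision 3 appends a rootid field, which this sketch ignores.
PAIRS = {0x01000000: 1, 0x02000000: 2, 0x03000000: 2}
# Partial name table (bit numbers); anything else is shown as cap_<bit>.
CAP_NAMES = {0: "cap_chown", 1: "cap_dac_override", 7: "cap_setuid",
             10: "cap_net_bind_service", 12: "cap_net_admin",
             13: "cap_net_raw", 21: "cap_sys_admin"}

def names(mask):
    return [CAP_NAMES.get(b, "cap_%d" % b) for b in range(64) if mask >> b & 1]

def decode_file_caps(raw):
    """Decode a security.capability xattr value into readable sets."""
    if len(raw) < 4:
        raise ValueError("truncated capability xattr")
    (magic,) = struct.unpack_from("<I", raw, 0)
    pairs = PAIRS.get(magic & VFS_CAP_REVISION_MASK)
    if pairs is None or len(raw) < 4 + 8 * pairs:
        raise ValueError("unknown revision or truncated capability xattr")
    words = struct.unpack_from("<%dI" % (2 * pairs), raw, 4)
    permitted = sum(words[2 * i] << (32 * i) for i in range(pairs))
    inheritable = sum(words[2 * i + 1] << (32 * i) for i in range(pairs))
    return {"permitted": names(permitted), "inheritable": names(inheritable),
            "effective": bool(magic & VFS_CAP_FLAGS_EFFECTIVE)}

def audit(root):
    """Yield (path, caps, has_acl) for files under root tagged with caps or ACLs."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                attrs = os.listxattr(path, follow_symlinks=False)
                raw = (os.getxattr(path, "security.capability", follow_symlinks=False)
                       if "security.capability" in attrs else None)
            except OSError:
                continue  # unreadable file or filesystem without xattr support
            has_acl = "system.posix_acl_access" in attrs
            if raw is not None or has_acl:
                yield path, decode_file_caps(raw) if raw else None, has_acl

# Constructed sample: revision 2, effective flag set, inheritable bit 10,
# built to match the cap_net_bind_service=ei tagging shown in the message.
SAMPLE = struct.pack("<5I", 0x02000001, 0, 1 << 10, 0, 0)

if __name__ == "__main__":
    for entry in audit("/usr"):
        print(entry)
```

Comparing the audit output against a list of files that packages are expected to tag is one way to spot capabilities or ACLs that were added or lost outside the package manager.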