是否可以为每个用户配置Linux功能? [英] Is it possible to configure Linux capabilities per user?

问题描述

Linux内核中似乎支持细粒度功能向进程授予特权以执行某些操作，例如打开原始套接字或提高线程优先级而未授予进程根特权.

There appears to be support for fine-grained capabilities in Linux kernel, which allows granting privileges to a process to do things like, for example, opening raw sockets or raising thread priority without granting the process root privileges.

但是我想知道是否有一种方法可以授予每用户功能.也就是说，允许非根和非suid进程获取那些功能.

However what I'd like to know if there is a way to grant per-user capabilities. That is, allow non-root and non-suid processes to acquire those capabilities.

推荐答案

有limits.conf，可以通过它限制用户或组的某些资源.

There's limits.conf, it is possible to restrict some resources for a user or a group through it.

签出 man limits.conf

这篇关于是否可以为每个用户配置Linux功能?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！