Linux Capabilities

CAP_CHOWN
  Allow unrestricted use of chown to change file ownership
CAP_DAC_OVERRIDE
  Allow unlimited file access (No DAC restrictions.)
CAP_DAC_READ_SEARCH
  Allow all read/search related actions regardless of file permissions.
CAP_FOWNER
  Allow file access even when owner-id != userid
CAP_FSETID
  Allow the setting of setuid/setgid flags on any file.
CAP_KILL
  Allow signals to be sent to processes you don't own.
CAP_SETGID
  Allow unrestricted setgid(2) and setgroups(2).
CAP_SETUID
  Allow unrestricted setuid(2) and friends.
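
An added example, not part of the original presentation: an audit helper that decodes the CapEff mask from /proc/<pid>/status and reports non-root processes holding any of the capabilities listed above. Bit numbers 0-7 follow <linux/capability.h>; the process names and status text are constructed sample input.

```python
# Added example: bit numbers follow <linux/capability.h>; the sample
# /proc/<pid>/status text below is constructed for illustration.
SLIDE_CAPS = {
    0: "CAP_CHOWN",
    1: "CAP_DAC_OVERRIDE",
    2: "CAP_DAC_READ_SEARCH",
    3: "CAP_FOWNER",
    4: "CAP_FSETID",
    5: "CAP_KILL",
    6: "CAP_SETGID",
    7: "CAP_SETUID",
}

def parse_status(text):
    """Return (name, effective uid, CapEff mask) from /proc/<pid>/status text."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    # The Uid line holds real, effective, saved and filesystem uid, in that order.
    euid = int(fields["Uid"].split()[1])
    return fields["Name"], euid, int(fields["CapEff"], 16)

def decode(mask):
    """Names of the listed capabilities whose bit is set in mask."""
    return [name for bit, name in sorted(SLIDE_CAPS.items()) if (mask >> bit) & 1]

def audit(status_texts):
    """Report non-root processes that hold any of the listed capabilities."""
    findings = []
    for text in status_texts:
        name, euid, mask = parse_status(text)
        held = decode(mask)
        if euid != 0 and held:
            findings.append((name, euid, held))
    return findings

# Constructed samples: websrv's mask 0x4c0 also sets bit 10, which is not
# one of the eight capabilities above and is therefore not reported.
SAMPLES = [
    "Name:\tbackupd\nUid:\t1001\t1001\t1001\t1001\nCapEff:\t0000000000000004\n",
    "Name:\tinit\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n",
    "Name:\tbash\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n",
    "Name:\twebsrv\nUid:\t33\t33\t33\t33\nCapEff:\t00000000000004c0\n",
]

if __name__ == "__main__":
    for name, euid, held in audit(SAMPLES):
        print(f"{name} (euid {euid}): {', '.join(held)}")
```
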
Copyright 2003, Bri Hatch of Onsight, Inc.
Presented at ISSA Puget Sound, 2003.
Presentation created using vim and MagicPoint.