Zack's Kernel News

When to Use a Filesystem Capability

Michael Kerrisk wanted to address the need for developers to know which filesystem capability to associate with new features that they want to add to the kernel. This topic has traditionally been a subject of much confusion. There hasn't been enough documentation, and the POSIX standards bodies never really nailed things down sufficiently, so it's a bit of a mess. According to the Linux man page on capabilities, "traditional UNIX implementations distinguish two categories of processes: privileged processes (whose effective user ID is 0, referred to as superuser or root), and unprivileged processes (whose effective UID is nonzero). Privileged processes bypass all kernel permission checks, while unprivileged processes are subject to full permission checking based on the process's credentials (usually: effective UID, effective GID, and supplementary group list).

"Starting with kernel 2.2, Linux divides the privileges traditionally associated with superuser into distinct units, known as capabilities, which can be independently enabled and disabled."

Michael posted some documentation that, after some back-and-forth with Casey Schaufler, read:

[...]