File: capabilities.7

manpages-ja 0.5.0.0.20080615-1
.\" Copyright (c) 2002 by Michael Kerrisk <mtk.manpages@gmail.com>
.\"
.\" Permission is granted to make and distribute verbatim copies of this
.\" manual provided the copyright notice and this permission notice are
.\" preserved on all copies.
.\"
.\" Permission is granted to copy and distribute modified versions of this
.\" manual under the conditions for verbatim copying, provided that the
.\" entire resulting derived work is distributed under the terms of a
.\" permission notice identical to this one.
.\"
.\" Since the Linux kernel and libraries are constantly changing, this
.\" manual page may be incorrect or out-of-date.  The author(s) assume no
.\" responsibility for errors or omissions, or for damages resulting from
.\" the use of the information contained herein.
.\"
.\" Formatted or processed versions of this manual, if unaccompanied by
.\" the source, must acknowledge the copyright and authors of this work.
.\"
.\" 6 Aug 2002 - Initial Creation
.\" Modified 2003-05-23, Michael Kerrisk, <mtk.manpages@gmail.com>
.\" Modified 2004-05-27, Michael Kerrisk, <mtk.manpages@gmail.com>
.\" 2004-12-08, mtk Added O_NOATIME for CAP_FOWNER
.\" 2005-08-16, mtk, Added CAP_AUDIT_CONTROL and CAP_AUDIT_WRITE
.\" FIXME serge@hallyn.com promises updates to this page in line with
.\" recent changes to capabilities code in kernel, Feb 2008.
.\"
.\" Japanese Version Copyright (c) 2005 Akihiro MOTOKI all rights reserved.
.\" Translated 2005-03-09, Akihiro MOTOKI <amotoki@dd.iij4u.or.jp>
.\" Updated 2005-11-04, Akihiro MOTOKI
.\" Updated 2006-04-16, Akihiro MOTOKI, Catch up to LDP v2.29
.\" Updated 2006-07-20, Akihiro MOTOKI, Catch up to LDP v2.34
.\" Updated 2007-01-05, Akihiro MOTOKI, Catch up to LDP v2.43
.\"
.TH CAPABILITIES 7 2006-07-31 "Linux" "Linux Programmer's Manual"
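.SH NAME
capabilities \- overview of Linux capabilities
.SH DESCRIPTION
For the purpose of performing permission checks,
traditional Unix implementations distinguish two categories of processes:
.I privileged
processes (whose effective user ID is 0; user ID 0 is
referred to as superuser or root) and
.I unprivileged
processes (whose effective user ID is non-zero).
Unprivileged processes are subject to full permission checking based on
the process's credentials (usually: effective UID, effective GID,
and supplementary group list), whereas
privileged processes bypass all kernel permission checks.

Starting with kernel 2.2, Linux divides the privileges
traditionally associated with superuser
into distinct units.
These units are known as
.IR capabilities ,
and each can be independently enabled and disabled.
Capabilities are a per-thread attribute.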
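.SS Capabilities List
As at Linux 2.6.14, the following capabilities are implemented:
.TP
.BR CAP_AUDIT_CONTROL " (since Linux 2.6.11)"
Enable and disable kernel auditing;
change auditing filter rules;
retrieve auditing status and filtering rules.
.TP
.BR CAP_AUDIT_WRITE " (since Linux 2.6.11)"
Allow records to be written to the kernel auditing log.
.TP
.B CAP_CHOWN
Allow arbitrary changes to file UIDs and GIDs (see
.BR chown (2)).
.TP
.B CAP_DAC_OVERRIDE
Bypass file read, write, and execute permission checks.
(DAC = "discretionary access control".)
.TP
.B CAP_DAC_READ_SEARCH
Bypass file read permission checks and directory read and execute
permission checks.
.TP
.B CAP_FOWNER
Bypass permission checks on operations that normally require the
file system UID of the process to match the UID of the file (e.g.,
.BR chmod (2),
.BR utime (2)),
excluding those operations covered by
.B CAP_DAC_OVERRIDE
and
.BR CAP_DAC_READ_SEARCH ;
set extended file attributes on arbitrary files (see
.BR chattr (1));
set Access Control Lists (ACLs) on arbitrary files;
ignore the directory sticky bit on file deletion;
specify
.B O_NOATIME
for arbitrary files in
.BR open (2)
and
.BR fcntl (2).
.TP
.B CAP_FSETID
Don't clear set-user-ID and set-group-ID bits when a file is modified;
permit setting of the set-group-ID bit for a file whose GID does not match
the file system GID or any of the supplementary GIDs of the calling process.
.TP
.B CAP_IPC_LOCK
Permit memory locking
.RB ( mlock (2),
.BR mlockall (2),
.BR mmap (2),
.BR shmctl (2)).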
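.TP
.B CAP_IPC_OWNER
Bypass permission checks for operations on System V IPC objects.
.TP
.B CAP_KILL
Bypass permission checks for sending signals (see
.BR kill (2)).
This includes use of the
.BR "KDSIGACCEPT ioctl" .
.\" FIXME CAP_KILL also has an effect for threads + setting child
.\"       termination signal to other than SIGCHLD: without this
.\"       capability, the termination signal reverts to SIGCHLD
.\"       if the child does an exec().  What is the rationale
.\"       for this?
.TP
.B CAP_LEASE
(Linux 2.4 onwards) Allow file leases to be established on
arbitrary files (see
.BR fcntl (2)).
.TP
.B CAP_LINUX_IMMUTABLE
Allow setting of the
.B EXT2_APPEND_FL
and
.B EXT2_IMMUTABLE_FL
extended file attributes (see
.BR chattr (1)).
.\" These attributes are available on ext2, ext3, and Reiserfs.
.TP
.B CAP_MKNOD
(Linux 2.4 onwards)
Allow creation of special files using
.BR mknod (2).
.TP
.B CAP_NET_ADMIN
Allow various network-related operations
(e.g., setting privileged socket options, enabling multicasting,
interface configuration, modifying routing tables).
.TP
.B CAP_NET_BIND_SERVICE
Allow binding to Internet domain reserved socket ports
(port numbers less than 1024).
.TP
.B CAP_NET_BROADCAST
(Unused) Allow socket broadcasting, and listening to multicasts.
.TP
.B CAP_NET_RAW
Permit use of RAW and PACKET sockets.
.\" Also various IP options and the SO_BINDTODEVICE socket option may be used.
.TP
.B CAP_SETGID
Allow arbitrary manipulations of process GIDs and supplementary GID list;
allow forged GID when passing socket credentials via Unix domain sockets.
.TP
.B CAP_SETPCAP
Grant or remove any capability in the caller's permitted capability set
to or from any other process.
.TP
.B CAP_SETUID
Allow arbitrary manipulations of process UIDs
.RB ( setuid (2),
.BR setreuid (2),
.BR setresuid (2),
.BR setfsuid (2));
allow forged UID when passing socket credentials via Unix domain sockets.
.\" FIXME CAP_SETUID also an effect in exec(); document this.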
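.TP
.B CAP_SYS_ADMIN
Permit the following system administration operations:
.BR quotactl (2),
.BR mount (2),
.BR umount (2),
.BR swapon (2),
.BR swapoff (2),
.BR sethostname (2),
.BR setdomainname (2),
.B IPC_SET
and
.B IPC_RMID
operations on arbitrary System V IPC objects;
perform operations on
.I trusted
and
.I security
Extended Attributes (see
.BR attr (5));
call
.BR lookup_dcookie (2);
use
.BR ioprio_set (2)
to assign the
.B IOPRIO_CLASS_RT
and
.B IOPRIO_CLASS_IDLE
I/O scheduling classes;
perform
.BR keyctl (2)
.B KEYCTL_CHOWN
and
.B KEYCTL_SETPERM
operations;
allow forged UID when passing socket credentials;
exceed
.IR /proc/sys/fs/file-max ,
the system-wide limit on the number of open files,
in system calls that open files (e.g.,
.BR accept (2),
.BR execve (2),
.BR open (2),
.BR pipe (2));
without this capability these system calls fail with the error
.B ENFILE
if this limit is reached;
employ the
.B CLONE_NEWNS
flag with
.BR clone (2)
and
.BR unshare (2).
.TP
.B CAP_SYS_BOOT
Permit calls to
.BR reboot (2)
and
.BR kexec_load (2).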
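.TP
.B CAP_SYS_CHROOT
Permit calls to
.BR chroot (2).
.TP
.B CAP_SYS_MODULE
Allow loading and unloading of kernel modules;
allow modifications to the capability bounding set (see
.BR init_module (2)
and
.BR delete_module (2)).
.TP
.B CAP_SYS_NICE
Allow raising of the process nice value
.RB ( nice (2),
.BR setpriority (2))
and changing of the nice value for arbitrary processes;
allow setting of real-time scheduling policies for the calling process,
and setting of scheduling policies and priorities for arbitrary processes
.RB ( sched_setscheduler (2),
.BR sched_setparam (2));
set CPU affinity for arbitrary processes
.RB ( sched_setaffinity (2));
set I/O scheduling class and priority for arbitrary processes
.RB ( ioprio_set (2));
allow
.BR migrate_pages (2)
to be applied to arbitrary processes and allow processes
to be migrated to arbitrary nodes;
.\" FIXME CAP_SYS_NICE also has the following effect for
.\" migrate_pages(2):
.\"     do_migrate_pages(mm, &old, &new,
.\"         capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE);
allow
.BR move_pages (2)
to be applied to arbitrary processes;
use the
.B MPOL_MF_MOVE_ALL
flag with
.BR mbind (2)
and
.BR move_pages (2).
.TP
.B CAP_SYS_PACCT
Permit calls to
.BR acct (2).
.TP
.B CAP_SYS_PTRACE
Allow arbitrary processes to be traced using
.BR ptrace (2).
.TP
.B CAP_SYS_RAWIO
Permit I/O port operations
.RB ( iopl (2)
and
.BR ioperm (2));
access
.IR /proc/kcore .
.TP
.B CAP_SYS_RESOURCE
Permit the following:
use of reserved space on ext2 file systems;
.BR ioctl (2)
calls controlling ext3 journaling;
disk quota limits to be overridden;
resource limits to be increased (see
.BR setrlimit (2));
the
.B RLIMIT_NPROC
resource limit to be overridden;
the
.I msg_qbytes
limit for a message queue to be raised above the limit specified in
.I /proc/sys/kernel/msgmnb
(see
.BR msgop (2)
and
.BR msgctl (2)).
.TP
.B CAP_SYS_TIME
Allow modification of the system clock
.RB ( settimeofday (2),
.BR stime (2),
.BR adjtimex (2));
allow modification of the real-time (hardware) clock.
.TP
.B CAP_SYS_TTY_CONFIG
Permit calls to
.BR vhangup (2).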
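.SS Capability Sets
Each thread has the following three capability sets.
Each set contains zero or more of the above capabilities:
.TP
.IR Effective :
the set of capabilities used by the kernel to perform
permission checks for the thread.
.TP
.IR Permitted :
the set of capabilities that the thread may assume
(i.e., a limiting superset for the effective and inheritable sets).
If a thread drops a capability from its permitted set,
it can never re-acquire that capability (unless it executes a
set-user-ID-root program with
.BR execv (2)).
.TP
.IR Inheritable :
the set of capabilities preserved across an
.BR execve (2).
.PP
A child created via
.BR fork (2)
inherits copies of its parent's capability sets.
See below for a discussion of the treatment of capabilities during
.BR execve (2).
.PP
Using
.BR capset (2),
a process may manipulate its own capability sets.
If it has the
.B CAP_SETPCAP
capability, it may also manipulate
the capability sets of a thread in another process.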
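.SS Capability bounding set
When a program is executed, the permitted and effective capabilities
are ANDed with the current value of the so-called
.IR "capability bounding set" ,
defined in the file
.IR /proc/sys/kernel/cap-bound .
This parameter can be used to place a system-wide limit on the
capabilities granted to all subsequently executed programs.
(Confusingly, this bit mask parameter is expressed as a
signed decimal number in
.IR /proc/sys/kernel/cap-bound .)

Only the
.B init
process may set bits in the capability bounding set;
other than that, the superuser may only clear bits in this set.

On a standard system the capability bounding set always masks out the
.B CAP_SETPCAP
capability.
To remove this restriction (dangerous!), modify the definition of
.B CAP_INIT_EFF_SET
in
.I include/linux/capability.h
and rebuild the kernel.

The capability bounding set feature was added to Linux
starting with kernel version 2.2.11.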
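.SS Current and Future Implementation
A full implementation of capabilities requires:
.IP 1. 4
that for all privileged operations, the kernel check whether the thread
has the required capability in its effective set.
.IP 2. 4
that the kernel provide system calls allowing a thread's capability sets
to be changed and retrieved.
.IP 3. 4
file system support for attaching capabilities to an executable file,
so that a process gains those capabilities when the file is executed.
.PP
As at Linux 2.6.6, only the first two of these requirements are met.

Eventually, it should be possible to associate three capability sets
with an executable file, which, in conjunction with the capability sets
of the thread, will determine the capabilities of a thread after an
.BR execve (2):
.TP
.IR Inheritable " (formerly known as " Allowed "):"
this set is ANDed with the thread's inheritable set to determine which
inheritable capabilities are permitted to the thread after the
.BR execve (2).
.TP
.IR Permitted " (formerly known as " Forced "):"
the capabilities automatically permitted to the thread,
regardless of the thread's inheritable capabilities.
.TP
.IR Effective :
those capabilities in the thread's new permitted set that are
also to be set in the new effective set.
(F(effective) would normally be either all zeroes or all ones.)
.PP
In the meantime, since the current implementation does not
support file capability sets, during an
.BR execve (2):
.IP 1. 4
All three file capability sets are initially assumed to be cleared.
.IP 2. 4
If a set-user-ID-root program is being executed,
or the real user ID of the process is 0 (root),
then the file inheritable and permitted sets are defined to be
all ones (i.e., all capabilities enabled).
.IP 3. 4
If a set-user-ID-root program is being executed,
then the file effective set is defined to be all ones.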
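.SS "Transformation of Capabilities During exec()"
.PP
During an
.BR execve (2),
the kernel calculates the new capabilities of the process
using the following algorithm:
.in +4n
.nf

P'(permitted) = (P(inheritable) & F(inheritable)) |
                (F(permitted) & cap_bset)

P'(effective) = P'(permitted) & F(effective)

P'(inheritable) = P(inheritable)    [i.e., unchanged]

.fi
.in
where:
.IP P 10
denotes the value of a thread capability set before the
.BR execve (2)
.IP P' 10
denotes the value of a thread capability set after the
.BR execve (2)
.IP F 10
denotes a file capability set
.IP cap_bset 10
is the value of the capability bounding set.
.PP
In the current implementation, the upshot of this algorithm is that
when a process executes a set-user-ID-root program with
.BR execve (2),
or when a process with an effective UID of 0 executes a program with
.BR execve (2),
it gains all capabilities in its permitted and effective capability sets
(more precisely, all capabilities except those masked out by the
capability bounding set, i.e.,
.BR CAP_SETPCAP ).
.\" If a process with real UID 0 and non-zero effective UID does an
.\" exec(), then it gets all capabilities (other than CAP_SETPCAP) in its
.\" permitted set, and no effective capabilities.
This provides semantics that are the same as those of
traditional Unix systems.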
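.PP
The transformation above as runnable C, added here as an illustration and not taken from the kernel or from the original manual page. The helper names, the CAP_ALL mask and the sample cases are constructed for this example; the bit numbers are those of include/linux/capability.h.
.nf

```c
#include <stdint.h>
/* Bit numbers as in include/linux/capability.h; only those used here. */
enum { CAP_SETPCAP = 8, CAP_NET_RAW = 13 };
#define CAP_BIT(c) ((uint32_t)1 << (c))
#define CAP_ALL    0x7fffffffu   /* the 31 capabilities listed above, bits 0..30 */

struct capsets { uint32_t permitted, effective, inheritable; };

/* The three equations above: P is the thread before execve(), F the file. */
struct capsets exec_transform(struct capsets p, struct capsets f, uint32_t cap_bset)
{
    struct capsets n;
    n.permitted   = (p.inheritable & f.inheritable) | (f.permitted & cap_bset);
    n.effective   = n.permitted & f.effective;
    n.inheritable = p.inheritable;                  /* unchanged */
    return n;
}

/* File sets assumed for a set-user-ID-root program: all ones. */
struct capsets file_sets_setuid_root(void)
{
    struct capsets f = { CAP_ALL, CAP_ALL, CAP_ALL };
    return f;
}

/* Bounding set of a standard system: everything except CAP_SETPCAP. */
uint32_t default_cap_bset(void) { return CAP_ALL & ~CAP_BIT(CAP_SETPCAP); }

/* Case 1: thread with empty sets runs a set-user-ID-root program. */
struct capsets case_default_bset(void)
{
    struct capsets p = { 0, 0, 0 };
    return exec_transform(p, file_sets_setuid_root(), default_cap_bset());
}

/* Cases 2 and 3: CAP_NET_RAW is also cleared from the bounding set.  With an
 * empty P(inheritable) the bit is gone; if the thread already holds it in
 * P(inheritable) it survives, because cap_bset masks only F(permitted). */
struct capsets case_tightened_bset(uint32_t p_inheritable)
{
    struct capsets p = { 0, 0, p_inheritable };
    uint32_t bset = default_cap_bset() & ~CAP_BIT(CAP_NET_RAW);
    return exec_transform(p, file_sets_setuid_root(), bset);
}

int main(void)
{
    return case_default_bset().permitted == 0x7ffffeffu ? 0 : 1;
}
```

.fi
When auditing a system that relies on the bounding set, check the inheritable sets of running threads as well, since the formula applies cap_bset only to the F(permitted) term.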
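.SS "Effect of User ID Changes on Capabilities"
To preserve the traditional semantics for transitions between
0 and non-zero user IDs,
the kernel makes the following changes to a thread's capability sets
on changes to the thread's real, effective, saved set,
and file system user IDs (using
.BR setuid (2),
.BR setresuid (2),
or similar):
.IP 1. 4
If one or more of the real, effective or saved set user IDs
was previously 0, and as a result of the UID changes all of these IDs
have a non-zero value, then all capabilities are cleared
from the permitted and effective capability sets.
.IP 2. 4
If the effective user ID is changed from 0 to non-zero,
then all capabilities are cleared from the effective set.
.IP 3. 4
If the effective user ID is changed from non-zero to 0,
then the permitted set is copied to the effective set.
.IP 4. 4
If the file system user ID is changed from 0 to non-zero (see
.BR setfsuid (2)),
then the following capabilities are cleared from the effective set:
.BR CAP_CHOWN ,
.BR CAP_DAC_OVERRIDE ,
.BR CAP_DAC_READ_SEARCH ,
.BR CAP_FOWNER ,
.BR CAP_FSETID .
If the file system UID is changed from non-zero to 0,
then any of these capabilities that are enabled in the permitted set
are enabled in the effective set.
.PP
If a thread that has a 0 value for one or more of its user IDs wants to
prevent its permitted capability set being cleared when it resets
all of its user IDs to non-zero values, it can do so using the
.BR prctl (2)
.B PR_SET_KEEPCAPS
operation.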
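.SH "CONFORMING TO"
No standards govern capabilities, but the Linux capability implementation
is based on the withdrawn POSIX.1e draft standard.
.SH NOTES
The
.I libcap
package provides a suite of routines for setting and getting
thread capabilities.
This interface is more comfortable and less likely to change
than the interface provided by
.BR capset (2)
and
.BR capget (2).
.SH BUGS
There is not yet file system support allowing capabilities
to be associated with executable files.
.SH "SEE ALSO"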
.BR capget (2),
.BR prctl (2),
.BR setfsuid (2),
.BR credentials (7),
.BR pthreads (7)