linux-capabilities

问题 I use LD_LIBRARY_PATH to set the path of a certain user library for an application. But if I set capabilities on this application sudo setcap CAP_NET_BIND_SERVICE=eip myapplication then LD_LIBRARY_PATH seems to be ignored. When I launch the program, Linux complains that it cannot find a certain shared library. I guess that there's some kind of protection kicking in, to prevent applications with extended rights from being hijacked. Is there a workaround? 回答1: As already stated in other answers

问题 Closed. This question is off-topic. It is not currently accepting answers. Want to improve this question? Update the question so it's on-topic for Stack Overflow. Closed 3 years ago . There appears to be support for fine-grained capabilities in Linux kernel, which allows granting privileges to a process to do things like, for example, opening raw sockets or raising thread priority without granting the process root privileges. However what I'd like to know if there is a way to grant per-user

问题 It\'s very annoying to have this limitation on my development box, when there won\'t ever be any users other than me. I\'m aware of the standard workarounds, but none of them do exactly what I want: authbind (The version in Debian testing, 1.0, only supports IPv4) Using the iptables REDIRECT target to redirect a low port to a high port (the \"nat\" table is not yet implemented for ip6tables, the IPv6 version of iptables) sudo (Running as root is what I\'m trying to avoid) SELinux (or similar)