scottk/secureblue
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/secureblue.git synced 2025-11-03 20:07:53 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
06c2883bb157443568ca09e1a8feef9de55fe454
secureblue/files/system/usr/bin/setcapsforunsuidbinaries
qoijjj 3187065cbf chore: add back executable bit where needed
2024-07-21 14:35:26 -07:00

25 lines
987 B
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
set_caps_if_present() {
local caps="$1"
local binary_path="$2"
if [ -f "$binary_path" ]; then
mount --bind -o rw "$binary_path" "$binary_path"
echo "Setting caps $caps on $binary_path"
setcap "$caps" "$binary_path"
echo "Set caps $caps on $binary_path"
umount "$binary_path"
fi
}
set_caps_if_present "cap_dac_read_search,cap_audit_write=ep" "/usr/bin/chage"
set_caps_if_present "cap_chown,cap_dac_override,cap_fowner,cap_audit_write=ep" "/usr/bin/chsh"
set_caps_if_present "cap_chown,cap_dac_override,cap_fowner,cap_audit_write=ep" "/usr/bin/chfn"
set_caps_if_present "cap_dac_read_search=ep" "/usr/libexec/openssh/ssh-keysign"
set_caps_if_present "cap_sys_admin=ep" "/usr/bin/fusermount"
set_caps_if_present "cap_sys_admin=ep" "/usr/bin/fusermount3"
set_caps_if_present "cap_sys_admin=ep" "/usr/bin/fusermount-glusterfs"
set_caps_if_present "cap_dac_read_search,cap_audit_write=ep" "/usr/sbin/unix_chkpwd"
Reference in New Issue View Git Blame Copy Permalink