scottk/secureblue
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/secureblue.git synced 2025-11-01 02:47:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
261936654fd8266ea813674b37d6bfb6bb96b9c8
secureblue/files/system/usr/bin/setcapsforunsuidbinaries

22 lines
760 B
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
set_caps_if_present() {
local caps="$1"
local binary_path="$2"
if [ -f "$binary_path" ]; then
mount --bind -o rw "$binary_path" "$binary_path"
echo "Setting caps $caps on $binary_path"
setcap "$caps" "$binary_path"
echo "Set caps $caps on $binary_path"
umount "$binary_path"
fi
}
set_caps_if_present "cap_dac_read_search,cap_audit_write=ep" "/usr/bin/chage"
set_caps_if_present "cap_chown,cap_dac_override,cap_fowner,cap_audit_write=ep" "/usr/bin/chfn"
set_caps_if_present "cap_dac_read_search=ep" "/usr/libexec/openssh/ssh-keysign"
set_caps_if_present "cap_sys_admin=ep" "/usr/bin/fusermount3"
set_caps_if_present "cap_dac_read_search,cap_audit_write=ep" "/usr/sbin/unix_chkpwd"
Reference in New Issue View Git Blame Copy Permalink