Hi!
I now checked the source code of pureftpd.
It seems that it always keeps CAP_NET_ADMIN.
What should one think about that?
Christoph
caps.c:
http://pureftpd.cvs.sourceforge.net/pureftpd/pureftpd/src/ca ps.c?view=markup
...
void set_initial_caps(void)
{
apply_caps(cap_keep_startup,
sizeof(cap_keep_startup) / sizeof(cap_value_t));
}
...
caps_p.h:
http://pureftpd.cvs.sourceforge.net/pureftpd/pureftpd/src/ca ps_p.h?view=markup
...
cap_value_t cap_keep_startup[] = {
CAP_SETGID,
CAP_SETUID,
CAP_CHOWN,
CAP_NET_BIND_SERVICE,
CAP_SYS_CHROOT,
CAP_SYS_NICE,
CAP_NET_ADMIN,
CAP_DAC_READ_SEARCH
};
cap_value_t cap_keep_login[] = {
# ifndef WITH_PRIVSEP
# ifndef HAVE_SYS_FSUID_H
CAP_SETUID,
# endif
CAP_NET_BIND_SERVICE,
# endif
CAP_NET_ADMIN
};
...