1

I have a /etc/security/limits.conf file as follows

manu             -       memlock         unlimited
manu             -       rtprio          100
manu             -       nice            40
manu             -       stack           unlimited

Now I want the user "manu" to be able to use the shmctl function requiring CAP_IPC_OWNER, how should I modify this file to have this capability? Is it possible?

tomix86
  • 1,336
  • 2
  • 18
  • 29
Manuel Selva
  • 18,554
  • 22
  • 89
  • 134

1 Answers1

2

That's not the place to set a capability. Use the system call capset() to do that, e.g. you start your process as root, set this capability with capset(), and then you can change your UID; or you can do that from another process but you need the pid.

An alternative is to use setcap() to set this as an attribute on your executable, see setcap(8).

ldx
  • 3,984
  • 23
  • 28
  • Thanks for the answer, but using limits.conf file allowed me to get capabilities for setting rt prio to my threads. How can we eplain that ? – Manuel Selva Apr 26 '12 at 09:33
  • Yes, `pam_limits` supports that, but in general capabilites are a different beast. There is some overlap, though. – ldx Apr 26 '12 at 09:38