On a classical Unix system the user root (UID 0) has all the
permissions
Hence root can read all files and kill every process
If a program needs a special permission it must have the identity
root.
For example a backup program only need read access to all files
By running as root he gains total control of the system and can kill
every process.
Capabilities are the partitionning of the root permissions/privilege
into a set of distinct privileges: ex: CAP_SYS_TIME: capability to set
time.
Capabilities are listed in /usr/src/linux/include/linux/capability.h.
Linux's Security Capabilities
® © Hervé Schauer Consultants 2000 -
4 bis, rue de la gare -
92300 Levallois-Perret