👉 Overview
👀 What ?
Linux Capabilities are a partitioning of the all-powerful root privilege into a set of distinct privileges. They allow fine-grained control over superuser permissions, reducing the potential for privilege escalation attacks.
🧐 Why ?
Understanding Linux Capabilities is crucial for system administrators and security professionals. They provide a way to delegate certain superuser powers to unprivileged users in a controlled manner, mitigating the risks associated with granting full superuser access. Furthermore, they are key to hardening Linux systems against privilege escalation attacks.
⛏️ How ?
Linux Capabilities can be managed using the 'setcap' and 'getcap' commands. For instance, to allow a program to bind to network ports below 1024 without running as root, you can use 'setcap cap_net_bind_service=+ep /path/to/program'. The capability is attached to the program file, so it applies to any user who is allowed to execute that file. To view the capabilities of a program, use 'getcap /path/to/program'.
⏳ When ?
Linux Capabilities were introduced in version 2.2 of the Linux kernel (1999) as a means to divide the power of the root user into smaller, assignable units.
⚙️ Technical Explanations
Linux Capabilities are implemented at the kernel level. When a process makes a system call that requires elevated privileges, the kernel checks the process's capabilities to determine if it has the necessary permissions. Each capability is a bit in a bitmask, and each process has three sets of these bits: the effective set (the capabilities used by the kernel for permission checks), the inheritable set (capabilities that can be passed through exec), and the permitted set (the maximum capabilities the process can have).
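The bitmask layout described above can be checked directly: the kernel reports the three sets as hexadecimal masks in the CapInh, CapPrm and CapEff lines of /proc/<pid>/status. The following is an added example, not part of the original page, that decodes those masks and flags capabilities worth reviewing; the SAMPLE text and the REVIEW list are constructed assumptions for illustration.

```python
# Added example: decode the capability bitmasks from /proc/<pid>/status.
# Names are listed in kernel bit order (bit 0 = cap_chown ... bit 40 = cap_checkpoint_restore).
CAP_NAMES = """chown dac_override dac_read_search fowner fsetid kill setgid setuid
setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock
ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot
sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control
setfcap mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon
bpf checkpoint_restore""".split()

# Assumption: a local hardening review list, not a kernel-defined category.
REVIEW = {"sys_admin", "sys_module", "sys_ptrace", "sys_rawio", "dac_override", "setuid"}
FIELDS = {"CapInh": "inheritable", "CapPrm": "permitted", "CapEff": "effective"}

# Constructed sample of the relevant status lines (not captured from a real host).
SAMPLE = "Name:\twebsrv\nCapInh:\t0000000000000000\nCapPrm:\t0000000000200400\nCapEff:\t0000000000000400\n"

def decode(mask):
    """Return the name of every set bit; bits newer than this table are shown by number."""
    names, bit = [], 0
    while mask >> bit:
        if (mask >> bit) & 1:
            names.append("cap_" + CAP_NAMES[bit] if bit < len(CAP_NAMES) else f"bit_{bit}")
        bit += 1
    return names

def parse_status(text):
    """Extract the three sets from status text as integers."""
    sets = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key in FIELDS:
            sets[FIELDS[key]] = int(value.strip(), 16)
    return sets

def audit(text):
    sets = parse_status(text)
    eff, prm = sets["effective"], sets["permitted"]
    return {
        "effective": decode(eff),
        "permitted": decode(prm),
        "inheritable": decode(sets["inheritable"]),
        # Permitted but not effective: the process can still raise these itself.
        "dormant": decode(prm & ~eff),
        "review": [c for c in decode(eff | prm) if c[4:] in REVIEW],
        # The effective set must always be a subset of the permitted set.
        "consistent": (eff & ~prm) == 0,
    }

if __name__ == "__main__":
    print(audit(SAMPLE))
```

To audit a live process, pass the contents of /proc/<pid>/status to audit() instead of SAMPLE; lines for other capability sets are ignored.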