# The "Default Linux Capabilities" module...

## R.Smith

... what does it actually do? Neither Google nor the description of the module was any help in finding out what it actually does.

----------

## lnxz

Looking at the source it seems like it enables adjusting certain things/privileges in a more 'direct' way.

----------

## R.Smith

Thanks, lnxz. Do you know which things specifically, and how to change them?

----------

## lnxz

According to this FAQ my guess was only partly correct.

Seems like caps provides a way for applications to gain/drop certain privileges granted to the root user.

----------

## SRC_DoD

Ewww, I don't like the sound of that, from a sec standpoint.

----------

## lnxz

Bad phrasing/choice of words on my part there, sorry.

What I meant was that it can control what a process is allowed to do, not that application X suddenly could just switch to 'root mode' and start destroying your system.

----------

## interested1

It might be instructive to see the module in action in a system environment. Take the module realtime-lsm, which requires that "Default Linux Capabilities" is loaded as a module. Realtime-lsm provides a way in which the kernel "[grants] realtime permissions to specific user groups or applications." You can see a great example of this type of application in the functionality of JACK, the low-latency audio server which needs certain programs and users to be granted special permissions, in this case, the realtime permissions.

I hope this gives you a better idea of its actual usage in a system.

----------
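An added example, not part of the original thread: the per-process capability sets discussed above are visible in `/proc/<pid>/status` as hex bitmasks, and this script decodes them and flags any effective capability outside an allow-list. The sample status text and the `audit` helper are constructed for illustration, and treating `CAP_SYS_NICE` and `CAP_IPC_LOCK` as the capabilities a realtime audio process holds is an assumption, not something the thread states.

```python
import os

# Capability names indexed by bit number (bits 0-31, from linux/capability.h).
CAP_NAMES = (
    "CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID "
    "SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW "
    "IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT "
    "SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD "
    "LEASE AUDIT_WRITE AUDIT_CONTROL SETFCAP"
).split()

# Constructed sample: an unprivileged process holding only bit 14 and bit 23.
SAMPLE_STATUS = (
    "Name:\tjackd\n"
    "Uid:\t1000\t1000\t1000\t1000\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t0000000000804000\n"
    "CapEff:\t0000000000804000\n"
)

def decode_mask(mask):
    """Turn a capability bitmask into a list of CAP_* names, lowest bit first."""
    names, bit = [], 0
    while mask:
        if mask & 1:
            # Bits beyond the table (newer kernels) are reported by number.
            known = bit < len(CAP_NAMES)
            names.append("CAP_" + (CAP_NAMES[bit] if known else str(bit)))
        mask >>= 1
        bit += 1
    return names

def parse_status(text):
    """Extract and decode the inheritable, permitted and effective sets."""
    caps = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key in ("CapInh", "CapPrm", "CapEff"):
            caps[key] = decode_mask(int(value.strip(), 16))
    return caps

def audit(text, allowed):
    """Return effective capabilities that are not in the allow-list."""
    return sorted(set(parse_status(text).get("CapEff", [])) - set(allowed))

if __name__ == "__main__":
    print("sample:", parse_status(SAMPLE_STATUS))
    print("unexpected:", audit(SAMPLE_STATUS, {"CAP_SYS_NICE"}))
    if os.path.exists("/proc/self/status"):
        with open("/proc/self/status") as fh:
            print("this process:", parse_status(fh.read()))
```

A process running as root without dropped capabilities shows every bit set in `CapEff`, which is the contrast with the narrow grant in the sample.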

