POSIX Capabilities Part2 - CAP_DAC_OVERRIDE - Bypass permission check

CAP_DAC_OVERRIDE: Allows a non-root user full file system access. Bypasses file read, write and execute permission check.

DAC stands for "discretionary access control"

Let's see an example using this capability.


You can see from the above screenshot, after giving 'CAP_DAC_OVERRIDE' capability, i am able to open '/etc/shadow' which only root user can access.

Comments

Popular posts from this blog

bb.utils.contains yocto

Difference between RDEPENDS and DEPENDS in Yocto

PR, PN and PV Variable in Yocto