<h1>CapabilitiesSet</h1>
<h2>Name</h2>
CapabilitiesSet -- Configure the set of Linux capabilities processed
<h2>Synopsis</h2>
CapabilitiesSet [ <code class="OPTION">[+/-]capability</code>...]
<dl><dt>
Default
</dt><dd>
CapabilitiesSet +CAP_CHOWN
</dd><dt>
Context
</dt><dd>
server config, &lt;VirtualHost&gt;, &lt;Global&gt;
</dd><dt>
Module
</dt><dd>
mod_cap
</dd><dt>
Compatibility
</dt><dd>
1.2.8rc1 and later
</dd></dl>
<h2>Description</h2>
By default, mod_cap removes all but two capabilities from the session-handling process: CAP_NET_BIND_SERVICE, for binding to ports lower than 1024 (required for active data transfers), and CAP_CHOWN, for allowing a process to change a file's ownership to a different user. The latter capability is only strictly necessary if the UserOwner configuration directive is in use; if UserOwner is not in use, the CAP_CHOWN capability is best removed. The CapabilitiesSet directive is used to manipulate the set of capabilities that mod_cap grants.
To remove a capability, prefix the name with a '-'; to enable a capability, use '+'. At present, this directive only supports one capability: CAP_CHOWN.
<h2>Example</h2>
<pre>
&lt;IfModule mod_cap.c&gt;
  CapabilitiesEngine on
  CapabilitiesSet -CAP_CHOWN
&lt;/IfModule&gt;
</pre>
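To confirm that a session process holds only what the description above allows, its capability masks can be read from /proc/PID/status and compared against the expected set. The following is an added example, not part of the ProFTPD documentation or code; the function names and the status excerpts are constructed for illustration, and the expected set (CAP_NET_BIND_SERVICE, plus CAP_CHOWN only when UserOwner is in use) is taken from the description on this page.

```python
import re

# Bit numbers as defined in <linux/capability.h>.
CAP_BITS = {"CAP_CHOWN": 0, "CAP_NET_BIND_SERVICE": 10}
BIT_NAMES = {bit: name for name, bit in CAP_BITS.items()}

def parse_caps(status_text):
    """Map the CapInh/CapPrm/CapEff/CapBnd lines to integer masks."""
    pattern = r"^(Cap(?:Inh|Prm|Eff|Bnd)):\s*([0-9a-fA-F]+)\s*$"
    return {m.group(1): int(m.group(2), 16)
            for m in re.finditer(pattern, status_text, re.MULTILINE)}

def unexpected_caps(status_text, user_owner_in_use):
    """Return capabilities held beyond what mod_cap should leave in place."""
    allowed = 1 << CAP_BITS["CAP_NET_BIND_SERVICE"]
    if user_owner_in_use:
        allowed |= 1 << CAP_BITS["CAP_CHOWN"]
    masks = parse_caps(status_text)
    if "CapPrm" not in masks or "CapEff" not in masks:
        raise ValueError("status text has no CapPrm/CapEff lines")
    # Permitted capabilities can be raised into the effective set later,
    # so both masks count.
    extra = (masks["CapPrm"] | masks["CapEff"]) & ~allowed
    names, bit = [], 0
    while extra:
        if extra & 1:
            names.append(BIT_NAMES.get(bit, f"bit {bit}"))
        extra >>= 1
        bit += 1
    return sorted(names)

def sample_status(mask):
    """Constructed /proc/PID/status excerpt with the given Prm/Eff mask."""
    return (f"Name:\tproftpd\nCapInh:\t{0:016x}\n"
            f"CapPrm:\t{mask:016x}\nCapEff:\t{mask:016x}\n")

if __name__ == "__main__":
    # 0x401: default set (CAP_CHOWN + CAP_NET_BIND_SERVICE).
    # 0x400: after "CapabilitiesSet -CAP_CHOWN".
    for mask in (0x401, 0x400):
        found = unexpected_caps(sample_status(mask), user_owner_in_use=False)
        print(f"mask {mask:#x}: unexpected = {found or 'none'}")
```

On a live system, pass the contents of /proc/PID/status for a logged-in session process instead of the constructed sample.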