======= mod_cap ======= mod_cap provides support for the POSIX.1e security model. Without going into gory detail, POSIX.1e basically specifies an interface to such goodies as capabilities, capability sets, access control lists, mandatory access control and much, much more. The end result of this security model allows compliant systems and daemons to have very fine-grained control over what operations are allowed by which services on the system. Using these features allows a userland program to specifically drop capabilities (which can be thought of as "privileges") which it does not need. Once such capabilities are completely dropped, neither the userland program nor any process it should spawn will be allowed to perform privileged operations, regardless of whether the program is running as root. Essentially, this limits the power of root to only those specific functions that are necessary, with the end effect of making the program much more secure. Additionally, a small library is included in contrib/: libcap. This library provides the interface between mod_cap and the capability syscalls present in Linux kernels. (Note that this library is simply a slightly modified version of the libcap library which can be found at ftp://linux.kernel.org/pub/linux/libs/security/linux-privs/). Building ProFTPD with the mod_cap module included (see below for instructions on how to do this) will automatically build and link in the required libcap library. When ProFTPD runs with mod_cap installed, its operation changes slightly: * The master proftpd process runs as normal, with full capabilities. * The child proftpd processes, the ones that handle FTP sessions, drop all capabilities-except for CAP_NET_BIND_SERVICE (which allows a process to bind to port less than 1024) and CAP_CHOWN (which allows a process to change a file's ownership)-immediately after a client has authenticated. Additionally, switching back and forth between root privs and the authenticated user's privs is no longer possible. ============ Installation ============ After unpacking the latest ProFTPD distribution, follow the normal steps for using third-party modules with ProFTPD: ./configure --with-modules=mod_cap make make install