Does NFS support Linux Capabilities?


Issue

  • Does NFS support Linux Capabilities?
  • I use Linux Capabilities in a daemon so that I can run the program as a non-root user. The program grants itself CAP_DAC_OVERRIDE before changing from root to a less privileged user. The program successfully read local files owned by root with 600 permissions. However, under the same scenario using NFS, this fails. From web searching, articles state that NFS not supporting caps is by design. Is this still the case? Or is there a specific set of capabilities that I need to grant to the program?

  • Do the system calls capget(2), cap_clear(3), cap_copy_ext(3), cap_from_text(3), cap_get_file(3), cap_get_proc(3), cap_init(3), capgetp(3), capsetp(3) or programs getcap(8), setcap(8) apply when accessing files over NFSv3 or NFSv4?

  • Running setcap over NFS fails:

# setcap cap_net_raw=eip /mnt/nfs/file
Failed to set capabilities on file `/mnt/nfs/file' (Operation not supported)

Environment

  • Red Hat Enterprise Linux
  • NFS (either NFSv3 or NFSv4)
  • Linux Capabilities
