RE: [Openvds-devel] Control Panel for OpenVDS-2

[Dave Cost]

> Isn't that a bit risky ? If those users will be root (even if
> chrooted), they
> will run processes as root as well, right ?

Right. But, when using capabilities root is just another uid. It's no
different than any other user, except that it has all the capabilities,
while a regular user has none.

What we'll do is loose some capabilities before becoming a virtual root. For
example we'll loose the capabilities to mess up with the network intefaces,
the capability to insert modules in the kernel and all the other dangerous
things.

Dave.