26 Jul
2011
26 Jul
'11
2:05 p.m.
On Tue, 26 Jul 2011 14:54:18 +0100 Bryn M. Reeves wrote:
As others have said, that's how rsh "security" "works" - if you need to strace the command as a non-root user you might be able to come up with something involving dropping the file capability and granting cap_net_bind_service to the user you need to strace as (obviously this grants that user the ability to bind any port they like but for debugging you might chose to allow that).
I was looking for that, but can't find the slightest shred of evidence that a user can be granted a capability in any of the googling I have done. All I can find is setcap for granting a file capability.