Enable Linux Capabilities on MacOS

Question

By default, MacOS does not support linux capabilities.

This can be observed from the fact that the setcap command does not exist on MacOS.

As far as I can tell, the libcap library does not exist on MacOS.

Is there a way to enable or install linux capabilities or a similar system such that they can be utilized on MacOS?

Is it possible to manually patch MacOS to support capabilities?

Note: I am asking this mostly out of curiosity, not because I am trying to actually utilize this as a solution to a problem I have. I am aware that other solutions like setuid exist.

What makes you think that OSX has a `CAP_CHOWN` capability? Anyway, if you want users to be allowed to run `chown`, make them sudoers. Letting people run `chown` lets them run command as root if they want. — Gilles 'SO- stop being evil', Mar 23 '16 at 23:46
I don't mean the CAP_CHOWN capability directly, I mean capabilities in general. — John Militer, Mar 23 '16 at 23:53

score 1 · Answer 1 · edited Apr 13 '17 at 12:36

The original question asked how to grant users the capability to change file ownership. This is probably not a good idea, but you could grant a given user (or group) the ability to sudo and "limit" that to the chown command.

You might want to limit it further by installing (into an area where they could not modify it) a script which does the chown after checking that the pathnames it affects are not in the system area (though the recent security fixes for OSX would ward off most of the potential damage).

More generally, sudo is where to look. It can allow users (or groups, which means any user who's a member of a group) to execute specific commands — or any command.

Enable Linux Capabilities on MacOS

1 Answers1