Hands-on lab – setting a kernel capability

For this lab, you'll allow a normal user to run a Python web server. You can use any of your virtual machines. Let's get started:

  1. If Apache is installed on your virtual machine, ensure that it's stopped. For Ubuntu, do the following:

sudo systemctl stop apache2

For CentOS, do the following:

sudo systemctl stop httpd

  2. Install Python 2. For Ubuntu, do the following:

sudo apt install python

For CentOS 7, do the following:

sudo yum install python

For CentOS 8, do the following:

sudo dnf install python2

  3. From within your own home directory, attempt to start the Python SimpleHTTPServer with just your normal user privileges, and note the error message. On Ubuntu and CentOS 7, do the following:

python -m SimpleHTTPServer 80

On CentOS 8, do the following:

python2 -m SimpleHTTPServer 80

  4. See if any capabilities are set on the Python executable file. On CentOS 7, do the following:

getcap /usr/bin/python2

On Ubuntu and CentOS 8, do the following:

getcap /usr/bin/python2.7

  5. Set the CAP_NET_BIND_SERVICE capability on the Python executable file. On CentOS 7, do the following:

sudo setcap 'CAP_NET_BIND_SERVICE+ep' /usr/bin/python2

On Ubuntu and CentOS 8, do the following:

sudo setcap 'CAP_NET_BIND_SERVICE+ep' /usr/bin/python2.7

  6. Repeat Steps 3 and 4. This time, it should work.
  7. Ensure that port 80 is open on the virtual machine firewall and use your host machine's web browser to access the server.
  8. Shut down the web server using Ctrl + C.
  9. View the capabilities that have been assigned to the ping executable:

getcap /usr/bin/ping

  10. Review the capabilities man page, especially the part about the various capabilities that are there.

That's the end of the lab – congratulations!
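
Because step 5 attaches the capability to the interpreter itself, every script that any user runs with that Python binary can bind privileged ports. The following audit helper is an added example, not code from the book: it reads getcap output in either the older ("file = caps") or newer ("file caps") libcap format and lists interpreters that carry file capabilities. The function names, the interpreter list and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: read `getcap` output on stdin and print "path<TAB>caps" for
# every script interpreter that carries a file capability.

flag_interpreter_caps() {
    while IFS= read -r line; do
        case "$line" in
            *" = "*)    # older libcap: "/path = cap_x+ep"
                path=${line%% = *}
                caps=${line#* = } ;;
            *" cap_"*)  # newer libcap: "/path cap_x=ep"
                path=${line%% cap_*}
                caps=${line#"$path "} ;;
            *) continue ;;  # blank or unrecognised line
        esac
        # Assumed, non-exhaustive list of interpreter basenames.
        case "${path##*/}" in
            python|python[0-9]*|perl|perl[0-9]*|ruby|ruby[0-9]*|node|php|php[0-9]*|sh|bash|dash)
                printf '%s\t%s\n' "$path" "$caps" ;;
        esac
    done
}

# Constructed sample input covering both output formats (not captured from a real host).
sample_getcap_output() {
    cat <<'EOF'
/usr/bin/ping = cap_net_admin,cap_net_raw+p
/usr/bin/python2.7 = cap_net_bind_service+ep
/usr/bin/newgidmap cap_setgid=ep
/usr/bin/python2 cap_net_bind_service=ep
EOF
}

# Stand-alone run against the constructed sample.
sample_getcap_output | flag_interpreter_caps
# On a real system: getcap -r / 2>/dev/null | flag_interpreter_caps
# To undo the lab's change, run `sudo setcap -r` on the path used in step 5.
```
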

So far, you've seen how to set file capabilities and what they can and can't do for you. Next, we'll look at how to control system calls.
