For this lab, you'll allow a normal user to run a Python web server. You can use any of your virtual machines. Let's get started:
- If Apache is installed on your virtual machine, ensure that it's stopped. On Ubuntu, do the following:
sudo systemctl stop apache2
For CentOS, do the following:
sudo systemctl stop httpd
- Install Python 2. On Ubuntu, do the following:
sudo apt install python
For CentOS 7, do the following:
sudo yum install python
For CentOS 8, do the following:
sudo dnf install python2
- From within your own home directory, attempt to start the Python SimpleHTTPServer with just your normal user privileges, and note the error message. On Ubuntu and CentOS 7, do the following:
python -m SimpleHTTPServer 80
On CentOS 8, do the following:
python2 -m SimpleHTTPServer 80
- See if any capabilities are set on the Python executable file. On CentOS 7, do the following:
getcap /usr/bin/python2
On Ubuntu and CentOS 8, do the following:
getcap /usr/bin/python2.7
- Set the CAP_NET_BIND_SERVICE capability on the Python executable file. On CentOS 7, do the following:
sudo setcap 'CAP_NET_BIND_SERVICE+ep' /usr/bin/python2
On Ubuntu and CentOS 8, do the following:
sudo setcap 'CAP_NET_BIND_SERVICE+ep' /usr/bin/python2.7
- Repeat Steps 3 and 4 (starting the server as a normal user, then checking the capabilities with getcap). This time, it should work.
- Ensure that port 80 is open on the virtual machine firewall and use your host machine's web browser to access the server.
- Shut down the web server using Ctrl + C.
- View the capabilities that have been assigned to the ping executable:
getcap /usr/bin/ping
- Review the capabilities man page, especially the part about the various capabilities that are there.
That's the end of the lab – congratulations!
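A file capability set on an interpreter, as in this lab, is granted to every user and every script that runs that interpreter, so it is worth auditing for on real systems. The following is an added example, not part of the original lab: it filters getcap output for interpreters that carry capabilities. The function names, the interpreter name list, and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag general-purpose interpreters that carry file capabilities.

# Constructed sample of getcap output. Older libcap releases print
# "path = caps"; newer ones print "path caps". Both forms are included.
sample_getcap_output() {
cat <<'EOF'
/usr/bin/ping = cap_net_admin,cap_net_raw+p
/usr/bin/python2.7 = cap_net_bind_service+ep
/usr/bin/ping cap_net_raw=ep
/usr/bin/python2 cap_net_bind_service=ep
/usr/bin/newuidmap cap_setuid=ep
EOF
}

# Read getcap output on stdin and print "path<TAB>caps" for each interpreter.
# Assumes paths contain no spaces. The body runs in a subshell, so the
# working variables do not leak into the caller.
flag_interpreter_caps() (
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        path=${line%% *}    # everything before the first space
        caps=${line##* }    # everything after the last space
        base=${path##*/}    # file name without its directory
        case "$base" in
            python*|perl*|ruby*|php*|lua*|node|nodejs|bash|dash|sh)
                printf '%s\t%s\n' "$path" "$caps" ;;
        esac
    done
)

# Run the same check against a live directory tree (default: /usr/bin).
audit_live() {
    command -v getcap >/dev/null 2>&1 || {
        echo "getcap is not installed" >&2
        return 2
    }
    getcap -r "${1:-/usr/bin}" 2>/dev/null | flag_interpreter_caps
}

# Demonstration on the constructed sample; prints the two Python entries.
sample_getcap_output | flag_interpreter_caps
```

To undo the lab's change once you're finished, remove the capability with sudo setcap -r followed by the path to the Python executable.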
So far, you've seen how to set file capabilities and what they can and can't do for you. Next, we'll look at how to control system calls.