Linux Capabilities are like Superpowers
March 15, 2021 / 4 minute read
If you were a superhero, what would your superpower be? That is such a great discussion starter!
The Analogy
Linux Capabilities are like Superpowers
The number of superpowers out there in the imaginations of content creators is simply astounding. Just check out the X-Men universe, if you don't believe me! However, most people tend towards the common ones (flight, super strength, invisibility, teleportation, etc.). There are also real life super powers like empathy, perseverance, forgiveness, and love... I digress.
Linux Capabilities, on the other hand, are a notion of providing "advanced access" to certain programs on a Linux computer. If you have ever heard of "sudo" (short for "super-user do"), you are on the right track! The basic idea is that most programs only get access to do certain things (walk, talk, sleep, etc.), but others can be given access to do more (like restart the computer).
If you are not familiar with "Linux", just think about a normal computer. Linux is a computer "Operating System," which means it is the foundation for all of a computer's computering. Other common Operating Systems are Mac and Windows.
Linux is a lovely computer operating system with amazing support for using a terminal (i.e. no point and click, no mouse, only typing). Believe it or not, that turns out to be an amazing thing for programmers!
The Windows analog to Linux capabilities would be "Administrator" and some notion of privileges (sorry, I am not a Windows expert). Where Windows is used for most desktops, Linux basically runs most of the world's computer infrastructure (digital sand castles) for hosting websites, databases, etc.
The High Points
- Super powers are special, which means they are not given often. (If they were, they would not be "super"). In an ideal world, not many services would require / have access to these privileged capabilities, so that your digital world is more secure!
  - Say a crime requires super strength, and the crime occurs. Who did it!? Well if only one person has super strength, it is much easier to point the finger than if everyone does!
  - To maintain the analogy, if nobody has super strength, the crime cannot happen!
- Part of the value of containers (mini-sand-castles) in the modern world is precisely because of the isolation that they provide, often in terms of access and capabilities. You can give Linux capabilities to containers too, but most admins would rather not (see the previous point)!
- Super powers are widely varied. So are Linux capabilities! One will let you change ownership on random files (like being the title office for the computer - CAP_CHOWN), while another will let you define the time (who wouldn't love this in real life? - CAP_SYS_TIME), and another will allow you to awake the computer at any time (CAP_WAKE_ALARM). Hopefully it makes sense why these should be closely guarded. Just like you, the computer does not want everyone to be able to wake them in the middle of the night for no reason!
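The "who did it?" question from the list above can be answered on a real system, because Linux publishes each process's capability sets as hex bitmasks in /proc/<pid>/status. The following is an added example, not code from the original post; the function names, process names and status excerpts are constructed for illustration.

```python
import re

# Bit positions from <linux/capability.h>: bit 0 is CAP_CHOWN, bit 40 is the last listed here.
CAP_NAMES = (
    "CAP_CHOWN CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_FSETID "
    "CAP_KILL CAP_SETGID CAP_SETUID CAP_SETPCAP CAP_LINUX_IMMUTABLE "
    "CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_ADMIN CAP_NET_RAW "
    "CAP_IPC_LOCK CAP_IPC_OWNER CAP_SYS_MODULE CAP_SYS_RAWIO CAP_SYS_CHROOT "
    "CAP_SYS_PTRACE CAP_SYS_PACCT CAP_SYS_ADMIN CAP_SYS_BOOT CAP_SYS_NICE "
    "CAP_SYS_RESOURCE CAP_SYS_TIME CAP_SYS_TTY_CONFIG CAP_MKNOD CAP_LEASE "
    "CAP_AUDIT_WRITE CAP_AUDIT_CONTROL CAP_SETFCAP CAP_MAC_OVERRIDE "
    "CAP_MAC_ADMIN CAP_SYSLOG CAP_WAKE_ALARM CAP_BLOCK_SUSPEND CAP_AUDIT_READ "
    "CAP_PERFMON CAP_BPF CAP_CHECKPOINT_RESTORE"
).split()

def decode_mask(hex_mask):
    """Turn a hex bitmask from /proc/<pid>/status into capability names."""
    mask, names, bit = int(hex_mask, 16), [], 0
    while mask:
        if mask & 1:
            # Bits newer than this table are reported rather than silently dropped.
            names.append(CAP_NAMES[bit] if bit < len(CAP_NAMES) else f"unknown_bit_{bit}")
        mask >>= 1
        bit += 1
    return names

def parse_status(status_text):
    """Extract the capability sets (CapInh, CapPrm, CapEff, CapBnd, CapAmb)."""
    pattern = r"^(Cap(?:Inh|Prm|Eff|Bnd|Amb)):[ \t]*([0-9a-fA-F]+)[ \t]*$"
    return {name: decode_mask(value)
            for name, value in re.findall(pattern, status_text, re.M)}

def who_has(cap, processes):
    """Names of processes whose effective set (CapEff) contains `cap`."""
    return [name for name, text in processes.items()
            if cap in parse_status(text).get("CapEff", [])]

# Constructed sample status excerpts (not captured from a real host).
SAMPLE = {
    "web-app":    "CapPrm:\t0000000000000000\nCapEff:\t0000000000000000\nCapBnd:\t00000000a80425fb\n",
    "clock-sync": "CapPrm:\t0000000002000000\nCapEff:\t0000000002000000\nCapBnd:\t0000000002000000\n",
    "file-fixer": "CapPrm:\t0000000000000001\nCapEff:\t0000000000000001\nCapBnd:\t0000000000000001\n",
}

if __name__ == "__main__":
    for cap in ("CAP_CHOWN", "CAP_SYS_TIME", "CAP_WAKE_ALARM"):  # capabilities named in the post
        print(cap, "->", who_has(cap, SAMPLE) or "nobody")
```

On a Linux host, passing the contents of /proc/self/status to parse_status shows the sets of the current process.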
The Breakdown
I love the idea of super powers just as much as the next person. Ok, you're right, my 5 year old probably likes super powers more. In any case, "real life" super powers are generally more practical and useful than linux capabilities for things like fighting crime, capturing criminals, and saving the world.
Moreover, they are definitely going to stick in your mind a lot more vividly than CAP_SYS_TTY_CONFIG. And who knows what a TTY is? (TeleTypeWriter - a place to type commands - now you know!)
This is why software people love documentation, even if it is not pretty, because there is basically zero chance of my remembering stuff like that.
Closing
Linux capabilities may be less magical, mystifying, and memorable than super powers, but for people (like me) who play in digital sand castles for a living, they are definitely the next best thing.
After all, I may not be fighting crime and saving the world, but keeping the hackers from having super powers just may prevent the need for crime fighting in the first place!