How to add Linux capability for CAP_IPC_OWNER in limits.conf?

Question

I have a /etc/security/limits.conf file as follows

manu             -       memlock         unlimited
manu             -       rtprio          100
manu             -       nice            40
manu             -       stack           unlimited

Now I want the user "manu" to be able to use the shmctl function requiring CAP_IPC_OWNER, how should I modify this file to have this capability? Is it possible?

Answer 1

That's not the place to set a capability. Use the system call capset() to do that, e.g. you start your process as root, set this capability with capset(), and then you can change your UID; or you can do that from another process but you need the pid.

An alternative is to use setcap() to set this as an attribute on your executable, see setcap(8).