fi
AM_CONDITIONAL(ACCT_TOOLS_SETUID, test "x$enable_acct_tools_setuid" = "xyes")
+
+AC_ARG_WITH(fcaps,
+ [AC_HELP_STRING([--with-fcaps], [use file capabilities instead of suid binaries for newuidmap/newgidmap @<:@default=no@:>@])],
+ [with_fcaps=$withval], [with_fcaps=no])
+AM_CONDITIONAL(FCAPS, test "x$with_fcaps" = "xyes")
+
+if test "x$with_fcaps" = "xyes"; then
+ AC_CHECK_PROGS(capcmd, "setcap")
+ if test "x$capcmd" = "x" ; then
+ AC_MSG_ERROR([setcap command not available])
+ fi
+fi
+
AC_SUBST(LIBSKEY)
AC_SUBST(LIBMD)
if test "$with_skey" = "yes"; then
echo " nscd support: $with_nscd"
echo " sssd support: $with_sssd"
echo " subordinate IDs support: $enable_subids"
+echo " use file caps: $with_fcaps"
echo
suidubins += chgpasswd chpasswd groupadd groupdel groupmod newusers useradd userdel usermod
endif
if ENABLE_SUBIDS
+if !FCAPS
suidubins += newgidmap newuidmap
endif
+endif
if WITH_TCB
shadowsgidubins = passwd
chmod $(sgidperms) $(DESTDIR)$(ubindir)/$$i; \
done
endif
+if ENABLE_SUBIDS
+if FCAPS
+ setcap cap_setuid+ep $(DESTDIR)$(ubindir)/newuidmap
+ setcap cap_setgid+ep $(DESTDIR)$(ubindir)/newgidmap
+endif
+endif