My program is using the Linux system call
setpriority() to change the priorities of the threads it creates. It needs to set negative priorities (-10) but, as mentioned on the documentation, this fails when run as a normal user.
The user needs the
CAP_SYS_NICE capability to be able to set the priorities as he wants, but I have no idea how to give such capability to the user.
So my question: how to set
CAP_SYS_NICE capability to a Linux user?
Jan Hudec is right that a process can't just give itself a capability, and a setuid wrapper is the obvious way get the capability. Also, keep in mind that you'll need to
prctl(PR_SET_KEEPCAPS, ...) when you drop root. (See the
prctl man page for details.) Otherwise, you'll drop the capability when you transition to your non-root real user id.
If you really just want to launch user sessions with a different allowed nice level, you might see the
limits.conf man pages, as the
pam_limits module allows you to change the hard nice limit. It could be a line like:
yourspecialusername hard nice -10