Sodamhan.com

TL;DR

setcap

Set capabilities of specified file. See also: getcap. More information: https://manned.org/setcap.

  • Set capability cap_net_raw (to use RAW and PACKET sockets) for a given file:

setcap 'cap_net_raw' path/to/file

  • Set multiple capabilities on a file (ep behind the capability means “effective permitted”):

setcap 'cap_dac_read_search,cap_sys_tty_config+ep' path/to/file

  • Remove all capabilities from a file:

setcap -r path/to/file

  • Verify that the specified capabilities are currently associated with the specified file:

setcap -v 'cap_net_raw' path/to/file

  • The optional -n root_uid argument can be used to set the file capability for use only in a user namespace with this root user ID owner:

setcap -n root_uid 'cap_net_admin' path/to/file

This document was created using the contents of the tldr project.