tldr/pages/linux/setcap.md

26 lines
832 B
Markdown

# setcap
> Set capabilities of specified file.
> See also: `getcap`.
> More information: <https://manned.org/setcap>.
- Set capability `cap_net_raw` (to use RAW and PACKET sockets) for a given file:
`setcap '{{cap_net_raw}}' {{path/to/file}}`
- Set multiple capabilities on a file (`ep` behind the capability means "effective permitted"):
`setcap '{{cap_dac_read_search,cap_sys_tty_config+ep}}' {{path/to/file}}`
- Remove all capabilities from a file:
`setcap -r {{path/to/file}}`
- Verify that the specified capabilities are currently associated with the specified file:
`setcap -v '{{cap_net_raw}}' {{path/to/file}}`
- The optional `-n root_uid` argument can be used to set the file capability for use only in a user namespace with this root user ID owner:
`setcap -n {{root_uid}} '{{cap_net_admin}}' {{path/to/file}}`