System Grab Bag

View all TLDR pages from Linux (or from all pages)

setcap

Set capabilities of specified file. See also: tldr getcap. More information: https://manned.org/setcap.
  • Set capability cap_net_raw (to use RAW and PACKET sockets) for a given file:
    setcap '{{cap_net_raw}}' {{path/to/file}}
  • Set multiple capabilities on a file (ep behind the capability means "effective permitted"):
    setcap '{{cap_dac_read_search,cap_sys_tty_config+ep}}' {{path/to/file}}
  • Remove all capabilities from a file:
    setcap -r {{path/to/file}}
  • Verify that the specified capabilities are currently associated with the specified file:
    setcap -v '{{cap_net_raw}}' {{path/to/file}}
  • The optional -n {{rootuid}} argument can be used to set the file capability for use only in a user namespace with this root user ID owner:
    setcap -n {{rootuid}} '{{cap_net_admin}}' {{path/to/file}}

License and Disclaimer

The content on this page is copyright © 2014—present the tldr-pages team and contributors.
This page is used with permission under Creative Commons Attribution 4.0 International License.

While we do attempt to make sure content is accurate, there isn't a warranty of any kind.