setcap Command: Examples, Options, and Usage

常用示例

Example

setcap 'cap_net_raw' path/to/file

Example

setcap 'cap_dac_read_search,cap_sys_tty_config+ep' path/to/file

Remove

setcap -r path/to/file

Verify

setcap -v 'cap_net_raw' path/to/file

Example

setcap -n root_uid 'cap_net_admin' path/to/file

说明

setcap sets capabilities on files, allowing processes to gain specific elevated privileges without full root access. This provides fine-grained security control as an alternative to setuid binaries.

参数

-r: Remove all capabilities from file
-v: Verify specified capabilities match file
-n _rootuid_: Set capabilities for specific user namespace
+e: Effective flag - capability is active
+p: Permitted flag - capability can be used
+i: Inheritable flag - passed to child processes

FAQ

What is the setcap command used for?

setcap sets capabilities on files, allowing processes to gain specific elevated privileges without full root access. This provides fine-grained security control as an alternative to setuid binaries.

How do I run a basic setcap example?

Run `setcap 'cap_net_raw' path/to/file` in a terminal, then adjust file names, paths, flags, or remote targets for your system.

What does -r do in setcap?

Remove all capabilities from file

setcap 命令

常用示例

说明

参数

FAQ

相关命令