getcap(8) — Linux manual page

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | REPORTING BUGS | SEE ALSO | COLOPHON

GETCAP(8)                System Manager's Manual               GETCAP(8)

NAME         top

       getcap - examine file capabilities

SYNOPSIS         top

       getcap [-v] [-n] [-r] [-h] filename [ ... ]

DESCRIPTION         top

       getcap displays the name and capabilities of each specified file.

OPTIONS         top

       -h  prints quick usage.

       -n  prints any non-zero user namespace root user ID value found
           to be associated with a file's capabilities.

       -r  enables recursive search.

       -v  display all searched entries, even if the have no file-
           capabilities.

       NOTE: an empty value of '=' is not equivalent to an omitted (or
       removed) capability on a file. This is most significant with
       respect to the Ambient capability vector, since a process with
       Ambient capabilities will lose them when executing a file having
       '=' capabilities, but will retain the Ambient inheritance of
       privilege when executing a file with an omitted file capability.
       This special empty setting can be used to prevent a binary from
       executing with privilege. For some time, the kernel honored this
       suppression for root executing the file, but the kernel
       developers decided after a number of years that this behavior was
       unexpected for the superuser and reverted it just for that user
       identity. Suppression of root privilege, for a process tree, is
       possible, using the capsh(1) --mode option.

       filename
           One file per line.

REPORTING BUGS         top

       Please report bugs via:

       https://bugzilla.kernel.org/buglist.cgi?component=libcap&list_id=1090757

SEE ALSO         top

       capsh(1), cap_get_file(3), cap_to_text(3), capabilities(7),
       user_namespaces(7), captree(8), getpcaps(8) and setcap(8).

COLOPHON         top

       This page is part of the libcap (capabilities commands and
       library) project.  Information about the project can be found at
       ⟨https://git.kernel.org/pub/scm/libs/libcap/libcap.git/⟩.  If you
       have a bug report for this manual page, send it to
       morgan@kernel.org (please put "libcap" in the Subject line).
       This page was obtained from the project's upstream Git repository
       ⟨https://git.kernel.org/pub/scm/libs/libcap/libcap.git/⟩ on
       2023-12-22.  (At that time, the date of the most recent commit
       that was found in the repository was 2023-06-24.)  If you
       discover any rendering problems in this HTML version of the page,
       or you believe there is a better or more up-to-date source for
       the page, or you have corrections or improvements to the
       information in this COLOPHON (which is not part of the original
       manual page), send a mail to man-pages@man7.org

                               2021-08-29                      GETCAP(8)

Pages that refer to this page: capsh(1)libcap(3)capabilities(7)getpcaps(8)setcap(8)