filecap command
filecap shows available capabilities set on binaries in $PATH or specified directory
Typical usage: diagnosing permission issues, hardening of system services, binary analysisIntroduction into filecap
The filecap utility shows the current capabilities from the binaries defined in the PATH or specified directory.
This tool is useful to easily see which binaries currently have capabilities set on them via file system flags.
Example output
Scan $PATH for binaries and their capabilities.
# filecap
set file capabilities rootid
effective /usr/bin/ping net_raw
Filecap does not work if the binary path specified is a symbolic link to another directory.
# filecap /bin
Must be one regular file or directory
Show all available capabilities. See the capabilities overview for more details about them.
# filecap -d
chown
dac_override
dac_read_search
fowner
fsetid
kill
setgid
setuid
setpcap
linux_immutable
net_bind_service
net_broadcast
net_admin
net_raw
ipc_lock
ipc_owner
sys_module
sys_rawio
sys_chroot
sys_ptrace
sys_pacct
sys_admin
sys_boot
sys_nice
sys_resource
sys_time
sys_tty_config
mknod
lease
audit_write
audit_control
setfcap
mac_override
mac_admin
syslog
wake_alarm
block_suspend
audit_read
perfmon
bpf
checkpoint_restore
Installation
When filecap is not installed by default, it can be added to the system using the relevant software package.
Package information for filecap
| Operating system | Package name | Installation |
|---|---|---|
| AlmaLinux | libcap-ng-utils | |
| Arch Linux | libcap-ng-utils | |
| Debian | libcap-ng-utils | |
| Fedora | libcap-ng-utils | |
| Red Hat Enterprise Linux | libcap-ng-utils | |
| Rocky Linux | libcap-ng-utils | |
| Ubuntu | libcap-ng-utils | |
Your Linux distribution using a different package? Share your feedback.
Usage
Available options
| Option | Description |
|---|---|
| -a | Check file capabilities on the full system |
| Show a list of known capabilities |
Missing an option in this overview? Share your feedback.
Frequently Asked Questions
What is the filecap command and its purpose?
The filecap command is a command-line tool for Linux to show what capabilities are assigned to a file.
Which package provides the filecap command?
The command filecap is provided by the libcap-ng-utils package.
Relevant articles using the filecap command
The following articles include an example on how to use filecap and might be worth further exploring.
Related and similar commands
Linux has a lot of tools and commands available and sometimes you just need that little other tool. Here is a list of commands that are similar or related to filecap:
| Command | Category | Summary |
|---|---|---|
| capsh | capabilities | Linux capabilities testing and debugging tool |
| captest | capabilities | Capabilities and privilege escalation testing tool |
| firejail | sandboxing | Sandboxing tool for Linux |
| getcap | capabilities | Show file capabilities |
| getpcaps | capabilities | Show process capabilities |
| lsusb | capabilities | Show USB devices |
| netcap | capabilities | Display available capabilities for running processes using network sockets |
| pscap | capabilities | Display available capabilities for running processes |
| setcap | capabilities | Add or remove Linux capabilities to a file |
Also 💙 the command-line or terminal? Here is a set of cheat sheets for Linux to get more done from within the shell: