filecap command
filecap shows available capabilities set on binaries in $PATH or specified directoryThe filecap utility shows the current capabilities from the binaries defined in the PATH or specified directory.
This tool is useful to easily see which binaries currently have capabilities set on them via file system flags.
Example output
Scan $PATH for binaries and their capabilities.
# filecap
set file capabilities rootid
effective /usr/bin/ping net_raw
Filecap does not work if the binary path specified is a symbolic link to another directory.
# filecap /bin
Must be one regular file or directory
Show all available capabilities. See the capabilities overview for more details about them.
# filecap -d
chown
dac_override
dac_read_search
fowner
fsetid
kill
setgid
setuid
setpcap
linux_immutable
net_bind_service
net_broadcast
net_admin
net_raw
ipc_lock
ipc_owner
sys_module
sys_rawio
sys_chroot
sys_ptrace
sys_pacct
sys_admin
sys_boot
sys_nice
sys_resource
sys_time
sys_tty_config
mknod
lease
audit_write
audit_control
setfcap
mac_override
mac_admin
syslog
wake_alarm
block_suspend
audit_read
perfmon
bpf
checkpoint_restore
Installation
When filecap command is not installed by default, it can be added to the system using the relevant software package.
Package information for filecap command
| Operating system | Package name | Installation |
|---|---|---|
| AlmaLinux | libcap-ng-utils | |
| Arch Linux | libcap-ng-utils | |
| Debian | libcap-ng-utils | |
| Fedora | libcap-ng-utils | |
| Red Hat Enterprise Linux | libcap-ng-utils | |
| Rocky Linux | libcap-ng-utils | |
| Ubuntu | libcap-ng-utils | |
Your Linux distribution using a different package? Share your feedback.
Usage
Available options
| Option | Description |
|---|---|
| -a | Check file capabilities on the full system |
| Show a list of known capabilities |
Missing an option in this overview? Share your feedback.