setcap command

setcap adds or removes available file capabilities

• Installation
  • AlmaLinux
  • Arch Linux
  • Debian
  • Fedora
  • Red Hat Enterprise Linux
  • Rocky Linux
  • openSUSE
  • Ubuntu
• Usage
• Examples

Introduction into setcap

The setcap is a small utility to add or remove file capabilities and can be used together with the getcap command. Both may help better understanding the available Linux capabilities that are available to a binary and related process.

Installation

When setcap is not installed by default, it can be added to the system using the relevant software package.

Package information for setcap

dnf install libcap

pacman -S libcap

apt install libcap2-bin

dnf install libcap

dnf install libcap

dnf install libcap

zypper install libcap-progs

apt install libcap2-bin

Your Linux distribution using a different package? Share your feedback.

Usage

Examples using setcap

Enable multiple capabilities to our test file

setcap 'cap_net_bind_service=ep cap_setgid=ep cap_setuid=ep cap_sys_admin=ep' ./testfile

Remove all capabilities from a file

setcap -r ./testfile

Frequently Asked Questions

What is the setcap command and its purpose?

The setcap command is a command-line tool to add or remove any file capabilities.

Which package provides the setcap command?

The command setcap is provided by the libcap, libcap-progs, or libcap2-bin package.

Relevant articles using the setcap command

The following articles include an example on how to use setcap and might be worth further exploring.

• Linux Capabilities: Hardening Linux binaries by removing setuid

Related and similar commands

Linux has a lot of tools and commands available and sometimes you just need that little other tool. Here is a list of commands that are similar or related to setcap: