setcap
The "setcap" command line tool is used to set or modify the capabilities of a binary executable in Linux systems. Capabilities refer to special permissions beyond the traditional user and group permissions. The tool is typically used to grant specific capabilities to a program, allowing it to perform privileged operations without the need for full root privileges. This improves security by reducing the attack surface. The "setcap" command requires administrative privileges to execute, hence it is usually used by system administrators. It operates by allowing certain capabilities, such as network binding or raw socket access, to be associated with an executable. These capabilities are then inherited by the program when it runs, granting it the necessary permissions to perform the allowed operations.
List of commands for setcap:
- Set capability `cap_net_raw` (to use RAW and PACKET sockets) for a given file.
  $ setcap '${cap_net_raw}' ${filename}
- The optional `-n ${rootuid}` argument can be used to set the file capability for use only in a user namespace with this root user ID owner.
  $ setcap -n ${rootuid} '${cap_net_admin}' ${filename}
- Remove all capabilities from a file.
  $ setcap -r ${filename}
- Verify that the specified capabilities are currently associated with the specified file.
  $ setcap -v '${cap_net_raw}' ${filename}
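What setcap has written to a file can be audited independently of the tool. The following is an added example, not part of the original page or of libcap: it decodes the `security.capability` extended attribute in which Linux stores file capabilities, including the namespace root UID set with `-n`. The function names and the two sample blobs are constructed for illustration.

```python
import errno
import os
import struct

# Constants from the kernel's <linux/capability.h>.
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
# revision -> (number of 32-bit word pairs, trailing rootid field present)
REVISIONS = {0x01000000: (1, False), 0x02000000: (2, False), 0x03000000: (2, True)}
# Subset of capability bit numbers; any other bit is reported as cap_<n>.
CAP_NAMES = {10: "cap_net_bind_service", 12: "cap_net_admin", 13: "cap_net_raw", 21: "cap_sys_admin"}

def _names(mask):
    return sorted(CAP_NAMES.get(bit, f"cap_{bit}") for bit in range(64) if mask >> bit & 1)

def decode_file_caps(raw):
    """Decode the little-endian vfs_cap_data blob stored in security.capability."""
    magic_etc = int.from_bytes(raw[:4], "little")
    revision = magic_etc & VFS_CAP_REVISION_MASK
    if revision not in REVISIONS:
        raise ValueError(f"unknown capability revision {revision:#x}")
    words, has_rootid = REVISIONS[revision]
    expected = 4 + 8 * words + (4 if has_rootid else 0)
    if len(raw) != expected:
        raise ValueError(f"expected {expected} bytes, got {len(raw)}")
    fields = struct.unpack_from(f"<{2 * words}I", raw, 4)  # (permitted, inheritable) pairs
    permitted = sum(fields[2 * i] << 32 * i for i in range(words))
    inheritable = sum(fields[2 * i + 1] << 32 * i for i in range(words))
    rootid = struct.unpack_from("<I", raw, 4 + 8 * words)[0] if has_rootid else None
    return {"permitted": _names(permitted), "inheritable": _names(inheritable),
            "effective": bool(magic_etc & VFS_CAP_FLAGS_EFFECTIVE), "rootid": rootid}

def read_file_caps(path):
    """Linux only: decode a file's capabilities, or return None if it has none."""
    try:
        return decode_file_caps(os.getxattr(path, "security.capability"))
    except OSError as exc:
        if exc.errno == errno.ENODATA:
            return None
        raise

# Constructed samples: cap_net_raw permitted+effective (v2); cap_net_admin bound to root UID 100000 (v3).
SAMPLE_V2 = struct.pack("<IIIII", 0x02000001, 1 << 13, 0, 0, 0)
SAMPLE_V3 = struct.pack("<IIIIII", 0x03000001, 1 << 12, 0, 0, 0, 100000)

if __name__ == "__main__":
    print(decode_file_caps(SAMPLE_V2))
    print(decode_file_caps(SAMPLE_V3))
```

Running `read_file_caps` over the executables on a host and comparing the result with an expected list shows files that carry capabilities nobody intended to grant.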