setcap Command Examples

Set capabilities of specified file. See also: getcap. More information: https://manned.org/setcap.

• Set capability cap_net_raw (to use RAW and PACKET sockets) for a given file:

setcap '{{cap_net_raw}}' {{path/to/file}}

• Set multiple capabilities on a file (ep behind the capability means "effective permitted"):

setcap '{{cap_dac_read_search,cap_sys_tty_config+ep}}' {{path/to/file}}

• Remove all capabilities from a file:

setcap -r {{path/to/file}}

• Verify that the specified capabilities are currently associated with the specified file:

setcap -v '{{cap_net_raw}}' {{path/to/file}}

• The optional -n root_uid argument can be used to set the file capability for use only in a user namespace with this root user ID owner:

setcap -n {{root_uid}} '{{cap_net_admin}}' {{path/to/file}}