HTML rendering created 2025-09-06 byMichael Kerrisk, author ofThe Linux Programming Interface. For details of in-depthLinux/UNIX system programming training courses that I teach, lookhere. Hosting byjambit GmbH. |  |
NAME |SYNOPSIS |DESCRIPTION |EXIT CODE |REPORTING BUGS |SEE ALSO |COLOPHON | |
SETCAP(8) System Manager's ManualSETCAP(8)setcap - set file capabilities
setcap[-q] [-n <rootuid>] [-v] {capabilities|-|-r} filename [ ...capabilitiesN fileN ]In the absence of the-v(verify) optionsetcapsets the capabilities of each specifiedfilename to thecapabilities specified. The optional-n <rootuid>argument can be used to set the file capability for use only in a user namespace with this root user ID owner. The-voption is used to verify that the specified capabilities are currently associated with the file. If -v and -n are supplied, the-n <rootuid>argument is also verified. Thecapabilities Set are specified in the form described incap_text_formats(7). The special capability string,'-', can be used to indicate that capabilities are read from the standard input. In such cases, the capability set is terminated with a blank line. The special capability string,'-r', is used to remove a capability set from a file. Note, setting an empty capability set isnot the sameas removing it. An empty set can be used to guarantee a file is not executed with privilege in spite of the fact that the prevailing ambient+inheritable sets would otherwise bestow capabilities on executed binaries. The'-f', is used to force completion even when it is in some way considered an invalid operation. This can affect'-r'and setting file capabilities the kernel will not be able to make sense of. The-qflag is used to make the program less verbose in its output.
Thesetcapprogram will exit with a 0 exit code if successful. On failure, the exit code is 1.
Please report bugs via:https://bugzilla.kernel.org/buglist.cgi?component=libcap&list_id=1090757
capsh(1),cap_from_text(3),cap_get_file(3),cap_text_formats(7),capabilities(7),user_namespaces(7),captree(8),getcap(8) andgetpcaps(8).
This page is part of thelibcap (capabilities commands and library) project. Information about the project can be found at ⟨https://git.kernel.org/pub/scm/libs/libcap/libcap.git/⟩. If you have a bug report for this manual page, send it to morgan@kernel.org (please put "libcap" in the Subject line). This page was obtained from the project's upstream Git repository ⟨https://git.kernel.org/pub/scm/libs/libcap/libcap.git/⟩ on 2025-08-11. (At that time, the date of the most recent commit that was found in the repository was 2025-08-10.) If you discover any rendering problems in this HTML version of the page, or you believe there is a better or more up-to-date source for the page, or you have corrections or improvements to the information in this COLOPHON (which isnot part of the original manual page), send a mail to man-pages@man7.org 2025-03-19SETCAP(8)Pages that refer to this page:capsh(1), cap_iab(3), libcap(3), capabilities(7), cap_text_formats(7), getcap(8), getpcaps(8)
HTML rendering created 2025-09-06 byMichael Kerrisk, author ofThe Linux Programming Interface. For details of in-depthLinux/UNIX system programming training courses that I teach, lookhere. Hosting byjambit GmbH. | |