122 lines
3.0 KiB
HTML
122 lines
3.0 KiB
HTML
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
|
<HTML><HEAD><TITLE>Man page of SETCAP</TITLE>
|
|
</HEAD><BODY>
|
|
<H1>SETCAP</H1>
|
|
Section: Maintenance Commands (8)<BR>Updated: 2020-01-07<BR><A HREF="#index">Index</A>
|
|
<A HREF="/cgi-bin/man/man2html">Return to Main Contents</A><HR>
|
|
|
|
<A NAME="lbAB"> </A>
|
|
<H2>NAME</H2>
|
|
|
|
setcap - set file capabilities
|
|
<A NAME="lbAC"> </A>
|
|
<H2>SYNOPSIS</H2>
|
|
|
|
<B>setcap</B> [-q] [-n <rootid>] [-v] {<I>capabilities|-|-r} filename</I> [ ... <I>capabilitiesN</I> <I>fileN</I> ]
|
|
<A NAME="lbAD"> </A>
|
|
<H2>DESCRIPTION</H2>
|
|
|
|
In the absence of the
|
|
<B>-v</B>
|
|
|
|
(verify) option
|
|
<B>setcap</B>
|
|
|
|
sets the capabilities of each specified
|
|
<I>filename</I>
|
|
|
|
to the
|
|
<I>capabilities</I>
|
|
|
|
specified. The optional
|
|
<B>-n <rootid></B>
|
|
|
|
argument can be used to set the file capability for use only in a
|
|
namespace with this rootid owner. The
|
|
<B>-v</B>
|
|
|
|
option is used to verify that the specified capabilities are currently
|
|
associated with the file. If -v and -n are supplied, the
|
|
<B>-n <rootid></B>
|
|
|
|
argument is also verified.
|
|
<P>
|
|
|
|
The
|
|
<I>capabilities</I>
|
|
|
|
are specified in the form described in
|
|
<I><A HREF="/cgi-bin/man/man2html?3+cap_from_text">cap_from_text</A></I>(3).
|
|
|
|
<P>
|
|
|
|
The special capability string,
|
|
<B>'-'</B>,
|
|
|
|
can be used to indicate that capabilities are read from the standard
|
|
input. In such cases, the capability set is terminated with a blank
|
|
line.
|
|
<P>
|
|
|
|
The special capability string,
|
|
<B>'-r'</B>,
|
|
|
|
is used to remove a capability set from a file. Note, setting an empty
|
|
capability set is
|
|
<B>not the same</B>
|
|
|
|
as removing it. An empty set can be used to guarantee a file is not
|
|
executed with privilege inspite of the fact that the prevailing
|
|
ambient+inheritable sets would otherwise bestow capabilities on
|
|
executed binaries.
|
|
<P>
|
|
|
|
The
|
|
<B>-q</B>
|
|
|
|
flag is used to make the program less verbose in its output.
|
|
<A NAME="lbAE"> </A>
|
|
<H2>EXIT CODE</H2>
|
|
|
|
The
|
|
<B>setcap</B>
|
|
|
|
program will exit with a 0 exit code if successful. On failure, the
|
|
exit code is 1.
|
|
<A NAME="lbAF"> </A>
|
|
<H2>REPORTING BUGS</H2>
|
|
|
|
Please report bugs via:
|
|
<DL COMPACT>
|
|
<DT id="1"><A HREF="https://bugzilla.kernel.org/buglist.cgi?component=libcap">https://bugzilla.kernel.org/buglist.cgi?component=libcap</A>&list_id=1047723&product=Tools&resolution=---<DD>
|
|
</DL>
|
|
<A NAME="lbAG"> </A>
|
|
<H2>SEE ALSO</H2>
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?3+cap_from_text">cap_from_text</A></B>(3),
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?3+cap_set_file">cap_set_file</A></B>(3),
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?8+getcap">getcap</A></B>(8)
|
|
|
|
<P>
|
|
|
|
<HR>
|
|
<A NAME="index"> </A><H2>Index</H2>
|
|
<DL>
|
|
<DT id="2"><A HREF="#lbAB">NAME</A><DD>
|
|
<DT id="3"><A HREF="#lbAC">SYNOPSIS</A><DD>
|
|
<DT id="4"><A HREF="#lbAD">DESCRIPTION</A><DD>
|
|
<DT id="5"><A HREF="#lbAE">EXIT CODE</A><DD>
|
|
<DT id="6"><A HREF="#lbAF">REPORTING BUGS</A><DD>
|
|
<DT id="7"><A HREF="#lbAG">SEE ALSO</A><DD>
|
|
</DL>
|
|
<HR>
|
|
This document was created by
|
|
<A HREF="/cgi-bin/man/man2html">man2html</A>,
|
|
using the manual pages.<BR>
|
|
Time: 00:06:16 GMT, March 31, 2021
|
|
</BODY>
|
|
</HTML>
|