Are setcap-changes permanent

Question

When using setcap for a file, is this change permanent or do I have to invoke setcap somewhere at boot time?

setcap cap_sys_nice fooexecutable

score 21 · Accepted Answer · edited Jan 15 '20 at 05:33

The setcap on the file stores the capabilities in an extended attribute with a call to setxattr. This extended attribute is stored like other attributes (ownership, rights...) in the filesystem.

Since kernel 2.6.24, the kernel supports associating capability sets with an executable file using setcap(8). The file capability sets are stored in an extended attribute (see setxattr(2)) named security.capability.

So, you don't have to reset your cap on each reboot.

score 0 · Answer 2 · answered Dec 12 '18 at 03:51

The changes are permanent but I have experienced issues when used with nodejs.

You can use authbind to provide permission by user

sudo touch /etc/authbind/byport/80
sudo chown user:user /etc/authbind/byport/80
sudo chmod 500 /etc/authbind/byport/80

Are setcap-changes permanent

2 Answers2