Questions tagged [setcap]

The setcap utility changes a file's capabilities, a more fine-grained system of allowing an executable (runnable by non-root users) to perform trusted actions than making it always run as root.

The Linux kernel's capabilities system provide a potentially more secure alternative to setuid root executables, for allowing non-root users to run programs that perform some actions ordinarily reserved for root.

The setcap command sets the capabilities on files. Once set, an executable file will run with the specified capabilities. This manual page describes the format in which capabilities may be specified.

Sources (also recommended for further reading) :

7 questions

votes

2 answers

Are setcap-changes permanent

When using setcap for a file, is this change permanent or do I have to invoke setcap somewhere at boot time? setcap cap_sys_nice fooexecutable

setcap

asked Jan 04 '12 at 08:11

Michael K

14,338

votes

1 answer

What is 'setcap' command and 'file capability'?

What is the setcapcommand and what is file capability, also the meaning of below "setcap output: CAP_NET_RAW+eip CAP_NET_ADMIN+eip "/usr/bin/dumpcap" Running Wireshark - "Lua: Error during loading"

command-line setcap

asked Apr 25 '14 at 20:41

Mohammad Reza Rezwani

10,706

votes

2 answers

Making copy of /bin/ping exectuable

I have copied my /usr/bin/ping file to another location (my home directory) with just a typical cp /bin/ping p command and then it stopped working, because the lack of permissions. Precisely: Ping: icmp open socket: Operation not permitted. I…

command-line permissions ping setcap

asked Nov 18 '15 at 16:11

mtszkw

vote

1 answer

How does one provide sudo file read access privileges to a Wine application?

In accordance with best practices I desire not to run Wine as root, http://wiki.winehq.org/FAQ I see plenty of examples for use of setcap for networking, but not so much for file read access. Essentially, I'm trying to give an application the…

wine setcap

asked Jan 21 '13 at 01:50

Sn3akyP3t3

1,636

vote

1 answer

Permissions issue with conky getting ESSID, tried all the usual

Conky can't get my wireless essid due to the wl kernel module and neither could my normal user account. If I did sudo iwconfig wlan0 it was fine, and if I ran conky as root it was fine, but I don't want to do that. The solution was the here…

12.10 setcap

asked Oct 30 '12 at 11:30

Chris

vote

1 answer

Running a service will not bind to ports # 443 and # 80 despite application of sudo setcap 'cap_net_bind_service=+ep' /path/to/binary

The service starts and attemps to listen to port # 443, I get errno=99 which is EADDRNOTAVAIL and std::strerror(errno) reports "Cannot assign requested address". If I run sudo getcap /path/to/binary I get this: /usr/local/binary_file =…

networking server bind setcap

asked Sep 12 '20 at 18:49

Bamaco

votes

0 answers

how to set capabilities (setcap) on perf

So I asked the same question on Unix and Linux Stack Exchange, but I haven't received any answers. I'd like to use the perf utility. I was following instructions to set up a privileged group of users who are permitted to execute performance…

20.04 setcap

asked Dec 04 '21 at 12:29

levente.nas