filecap - a program to see capabilities
filecap [ -a | -d | /dir | /dir/file [cap1 cap2 ...] ]
is a program that prints out a report of programs with file based
capabilities. If a file is not in the report or there is no report at all, no
capabilities were found. For expedience, the default is to check only the
directories in the PATH environmental variable. If the -a command line option
is given, then all directories will be checked. If a directory is passed, it
will recursively check that directory. If a path to a file is given, it will
only check that file. If the path to the file includes capabilities, then they
are written to the file.
- This tells the program to show all capabilities starting
from the / directory. Normally the PATH environmental variable is used to
show you capabilities on files you are likely to execute.
- This dumps all capabilities for reference.
To check file capabilities in $PATH:
To check file capabilities of whole system:
To check file capabilities recursively in a directory:
To check file capabilities of a specific program:
To list all possible capabilities:
To set a file capability on a specific program:
filecap /bin/ping net_raw net_admin
To remove file capabilities on a specific program:
filecap /bin/ping none