capget prints the capabilities of a process.

Examples

capget 1

capget $$

Overview

capget pid ...

Minimum unique abbreviation of option is acceptable. You may use double hyphens instead of single hyphen to denote options. You may use white space in place of the equals sign to separate an option name from its value.

General

The simplest way to look at the capabilities of a process is to look at the /proc/PID/status file. That file shows capabilities as a bit strings in hexadecimal. capget reads the capabilities from that same file, but interprets them for you in human readable form.

capget's output is to Standard Output and is in the same format as the input the capset, as in these examples:

chown

sys_admin,sys_module

!sysadmin,sys_module

This ! means "all capabilities except." Remember to escape this in a shell command

An empty string means no capabilities. A lone exclamation point (!) means all capabilities.

capget shows you both the capability bit string (in binary) and its user friendly interpretation of it. It uses the affirmative or negative (!) form, whichever is shorter.

Permission Needed

You don't need any permission to display a process' capabilities.

See Also

Use capset to set a process' capabilities.

Use a capx stub file, (see the mkcapx program) to associate capabilities with execing a certain program.

You can look directly at the /proc/PID/status file to see a process' capabilities and other permissions. You can use cat for that.

To interpret capabilities in a Perl program, use Gircap.pm.