capget prints the capabilities of a process.
capget 1
capget $$
capget pid ...
Minimum unique abbreviation of option is acceptable. You may use double hyphens instead of single hyphen to denote options. You may use white space in place of the equals sign to separate an option name from its value.
The simplest way to look at the capabilities of a process is to look at the /proc/PID/status file. That file shows capabilities as a bit strings in hexadecimal. capget reads the capabilities from that same file, but interprets them for you in human readable form.
capget's output is to Standard Output and is in the same format as the input the capset, as in these examples:
chown
sys_admin,sys_module
!sysadmin,sys_module
This ! means "all capabilities except." Remember to escape this in a shell command
An empty string means no capabilities. A lone exclamation point (!) means all capabilities.
capget shows you both the capability bit string (in binary) and its user friendly interpretation of it. It uses the affirmative or negative (!) form, whichever is shorter.
You don't need any permission to display a process' capabilities.
Use capset to set a process' capabilities.
Use a capx stub file, (see the mkcapx program) to associate capabilities with execing a certain program.
You can look directly at the /proc/PID/status file to see a process' capabilities and other permissions. You can use cat for that.
To interpret capabilities in a Perl program, use Gircap.pm.