How to list the capabilities associated with a process in *nix systems?

Question

From - man capabilities

UNIX implementations distinguish two categories of processes: privileged processes (whose effective user ID is 0, referred to as superuser or root), and unprivileged processes (whose effective UID is nonzero).

and

Starting with kernel 2.2, Linux divides the privileges traditionally associated with superuser into distinct units, known as capabilities, which can be independently enabled and disabled. Capabilities are a per-thread attribute.

Does any Linux command or technique exist to determine the capabilities associated with a running process (or thread).

a little related post - [How to find out what linux capabilities a process requires to work?](https://stackoverflow.com/questions/35469038/how-to-find-out-what-linux-capabilities-a-process-requires-to-work) — samshers, Sep 17 '20 at 19:33

score 2 · Answer 1 · answered Sep 17 '20 at 19:16

2

The utility getpcaps will show the capabilities for a given PID.

From the man page:

SYNOPSIS

getpcaps pid...

DESCRIPTION

getpcaps displays the capabilities on the processes indicated by the pid value(s) given on the commandline. The capabilities are displayed in the cap_from_text(3) format.

answered Sep 17 '20 at 19:16

Michael Hampton

237,123
42
477
940

`ps` - output `PID TTY TIME CMD 25777 pts/1 00:00:00 bash 25811 pts/1 00:00:00 vi 25839 pts/1 00:00:00 ps ` and then – samshers Sep 17 '20 at 19:19
`sudo getpcaps 25777` output `25777: =` – samshers Sep 17 '20 at 19:20
same with - `sudo getpcaps 25811` output `25811: = ` – samshers Sep 17 '20 at 19:20
why are the capabilities empty - does it really mean there are no capabilities associated with these two processes – samshers Sep 17 '20 at 19:21
after `su -`, when i did the same for bash, `sudo getpcaps 25876` output `25876: =ep`. what is `=ep` – samshers Sep 17 '20 at 19:23
That's what it really means. Most processes won't have any capabilities associated with them. – Michael Hampton Sep 17 '20 at 19:23
Those are the flags, as documented in the cap_from_text man page which the answer referred you to. This process appears to have all capabilities granted to it. – Michael Hampton Sep 17 '20 at 19:26
any thing wrong with this - `man 3 cap_from_text` output `No manual entry for cap_from_text in section 3` – samshers Sep 17 '20 at 19:29
@samshers You don't have the package installed that provides that man page (it's in the -dev package). – Michael Hampton Sep 17 '20 at 19:34
could you please give the full package name, so i can apt install – samshers Sep 17 '20 at 19:42
`libcap2-dev` ?? no such package. – samshers Sep 17 '20 at 19:43
@samshers You didn't mention your Linux distribution? – Michael Hampton Sep 17 '20 at 19:54
Ubuntu 20.04.1 :-)) – samshers Sep 17 '20 at 19:55
1

@samshers Aha. Despite the base package being named `libcap2` the dev package is `libcap-dev`, no 2. – Michael Hampton Sep 17 '20 at 19:56

How to list the capabilities associated with a process in *nix systems?

1 Answers1