What are Linux capabilities?

Q: What are Linux capabilities?

Linux capabilities break the traditional all-or-nothing superuser model by dividing root privileges into discrete units that can be granted independently. Examples: CAP_NET_BIND_SERVICE (bind to ports < 1024 without being root), CAP_SYS_PTRACE (trace processes), CAP_CHOWN (change file ownership), CAP_KILL (send signals to any process), CAP_NET_ADMIN (network configuration). Manage with: getcap /path/binary (view), setcap cap_net_bind_service+ep /usr/bin/node (grant). Useful for: running web serv

Answer

Linux capabilities break the traditional all-or-nothing superuser model by dividing root privileges into discrete units that can be granted independently. Examples: CAP_NET_BIND_SERVICE (bind to ports < 1024 without being root), CAP_SYS_PTRACE (trace processes), CAP_CHOWN (change file ownership), CAP_KILL (send signals to any process), CAP_NET_ADMIN (network configuration). Manage with: getcap /path/binary (view), setcap cap_net_bind_service+ep /usr/bin/node (grant). Useful for: running web servers on port 80 without root, containers with minimal privileges. View a process's capabilities: cat /proc/PID/status | grep Cap; decode with capsh --decode=HEX.

How do you use strace and ltrace for debugging in Linux?

How do you use brace expansion and parameter expansion in bash?

More Linux / Shell Scripting Questions

View all →

Advanced What is a named pipe (FIFO) in Linux?
Advanced How do Linux signals work?
Advanced What is process substitution in bash?
Advanced How do you use trap in shell scripting?
Advanced What is the difference between login and non-login shells?

All Linux / Shell Scripting Questions Browse All Topics