Sarah Newman newmans at sonic.net
Wed Sep 2 22:14:45 PDT 2015

Something called "capabilities" was discussed after the end of the talk tonight for setting more fine-grained rights than root access. I found how to use this for ping instead of setuid:

chmod u-s /bin/ping; setcap cap_net_raw+pe /bin/ping

'man capabilities' lists the options for your kernel.

This person discusses which capabilities are effectively root access circa 2011, not sure how this has changed:


On Ubuntu, setcap is part of libcap2-bin, which has some other interesting-looking stuff:

$ apt-file show libcap2-bin
libcap2-bin: /sbin/capsh
libcap2-bin: /sbin/getcap
libcap2-bin: /sbin/getpcaps
libcap2-bin: /sbin/setcap

Ansible has an extras module for it
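
Added example (not part of the original post): what `setcap cap_net_raw+pe` leaves on the file, decoded from the `security.capability` extended attribute, plus a check that the setuid bit is gone. The sample bytes are constructed, the function names are hypothetical, and only the 20-byte revision-2 layout is handled.

```python
import stat
import struct

# Constants from the kernel's include/uapi/linux/capability.h
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_REVISION_2 = 0x02000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
# Partial table (bit number -> name); 'man capabilities' has the full list.
CAP_NAMES = {0: "cap_chown", 1: "cap_dac_override", 7: "cap_setuid",
             12: "cap_net_admin", 13: "cap_net_raw", 21: "cap_sys_admin"}


def cap_names(mask):
    """Turn a 64-bit capability mask into a list of names, lowest bit first."""
    return [CAP_NAMES.get(bit, "cap_%d" % bit)
            for bit in range(64) if mask & (1 << bit)]


def decode_file_caps(raw):
    """Decode a revision-2 security.capability value (hypothetical helper)."""
    if len(raw) != 20:
        raise ValueError("expected 20 bytes for a revision-2 value")
    magic, p_lo, i_lo, p_hi, i_hi = struct.unpack("<5I", raw)
    if (magic & VFS_CAP_REVISION_MASK) != VFS_CAP_REVISION_2:
        raise ValueError("unsupported revision 0x%08x" % magic)
    return {
        "permitted": cap_names(p_lo | (p_hi << 32)),
        "inheritable": cap_names(i_lo | (i_hi << 32)),
        # One flag for the whole file: the 'e' in +pe raises the permitted
        # set into the effective set when the binary is executed.
        "effective": bool(magic & VFS_CAP_FLAGS_EFFECTIVE),
    }


def is_setuid(mode):
    """True if an st_mode value still carries the setuid bit."""
    return bool(mode & stat.S_ISUID)


# Constructed sample: the value for cap_net_raw+pe (bit 13, effective flag set).
SAMPLE = struct.pack("<5I", VFS_CAP_REVISION_2 | VFS_CAP_FLAGS_EFFECTIVE,
                     1 << 13, 0, 0, 0)

if __name__ == "__main__":
    print(decode_file_caps(SAMPLE))
    # On a live Linux system (assuming /bin/ping as in the post):
    #   import os
    #   print(decode_file_caps(os.getxattr("/bin/ping", "security.capability")))
    #   print(is_setuid(os.stat("/bin/ping").st_mode))
```
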



