LinuxCommandLibrary

getcap

Get file capabilities

TLDR

Get capabilities for the given files

$ getcap [path/to/file1 path/to/file2 ...]

Get capabilities for all the files recursively under the given directories
$ getcap -r [path/to/directory1 path/to/directory2 ...]

Display all searched entries even if no capabilities are set
$ getcap -v [path/to/file1 path/to/file2 ...]

SYNOPSIS

getcap [-v] [-r] [-n] [-q] [ ... ]

PARAMETERS

-v
    Verbose mode. Display extended attribute names.

-r
    Raw mode. Output the capabilities string directly.

-n
    No filename output. Only show the capabilities string if any are set.

-q
    Quiet mode. Suppress error messages about files that cannot be accessed.

[ ... ]
    List of files to check for capabilities.

DESCRIPTION

The `getcap` command is a utility used to examine the file capabilities of one or more files.

Capabilities are a security feature that grants specific privileges to executables without requiring them to run with root privileges (UID 0). Instead of all-or-nothing root access, capabilities provide finer-grained control, reducing the potential impact of security vulnerabilities. `getcap` displays the capabilities set on the specified files, indicating which are effective, permitted, or inheritable. It is useful for verifying that specific capabilities have been configured properly and for understanding the security context in which a program will run.

Capabilities are stored as extended attributes on the filesystem.

CAVEATS

The filesystem needs to support extended attributes for capabilities to work. Also, the kernel needs to have capability support enabled.

EXAMPLES

Example 1: Display capabilities of /usr/bin/ping:
`getcap /usr/bin/ping`

Example 2: Display capabilities of multiple files:
`getcap /usr/bin/ping /usr/sbin/tcpdump`

Example 3: Using verbose output:
`getcap -v /usr/bin/ping`
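
Example 4 (an added example, not part of the original page or of libcap): filter the output of a recursive `getcap -r` scan down to the files whose capabilities merit a manual review. The function names, the review list and the sample lines are assumptions made for illustration; the parser accepts both output styles getcap has used (`path = cap_x+ep` and `path cap_x=ep`).

```sh
#!/bin/sh
# Added example: triage getcap output for capabilities that merit manual review.

# Assumption: this review list is a local policy choice; getcap defines no such list.
REVIEW_CAPS='cap_sys_admin cap_sys_module cap_sys_ptrace cap_setuid cap_setgid cap_setfcap cap_dac_override cap_dac_read_search'

# Constructed sample lines in both output styles (not captured from a real host).
sample_getcap_output() {
    cat <<'EOF'
/usr/bin/ping = cap_net_raw+ep
/usr/sbin/tcpdump cap_net_admin,cap_net_raw=eip
/opt/acme tools/helper cap_setuid,cap_net_bind_service=ep
/usr/local/bin/backup = cap_dac_read_search+ep
/usr/local/bin/legacy =ep
EOF
}

# Reads getcap output on stdin and prints "path<TAB>capability text" for each
# file holding a capability from REVIEW_CAPS or a blanket grant such as "=ep".
audit_caps() {
    awk -v review="$REVIEW_CAPS" '
    BEGIN { n = split(review, list, " "); for (i = 1; i <= n; i++) want[list[i]] = 1 }
    {
        # The capability text is the trailing run of clauses: optional names,
        # an operator (= + -) and flags (e, i, p). Paths may contain spaces,
        # so the run is located from the end of the line.
        if (!match($0, /( [a-z0-9_,]*[=+-][eip]*([=+-][eip]*)*)+$/)) next
        path = substr($0, 1, RSTART - 1)
        caps = substr($0, RSTART + 1)

        hit = 0
        m = split(caps, clause, " ")
        for (c = 1; c <= m; c++) {
            names = clause[c]; flags = clause[c]
            sub(/[=+-].*$/, "", names)      # text before the first operator
            sub(/^[^=+-]*/, "", flags)      # operators and flags
            # An unnamed (or "all") clause that raises flags covers every capability.
            if ((names == "" || names == "all") && flags ~ /[=+][eip]/) hit = 1
            k = split(names, name, ",")
            for (j = 1; j <= k; j++) if (name[j] in want) hit = 1
        }
        if (hit) printf "%s\t%s\n", path, caps
    }'
}

# On a live system: getcap -r /usr /opt 2>/dev/null | audit_caps
sample_getcap_output | audit_caps
```

Each reported file should trace back to a documented `setcap` decision; an entry nobody can account for is a candidate for investigation.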

SEE ALSO

setcap(1), capsh(1), capabilities(7)
