cap_dup - Linux


The cap_dup command in Linux allows you to duplicate file capabilities from one file to another. It’s commonly used for granting or modifying specific privileges on files or directories for specific processes or users.


cap_dup [-v] source_file target_file


  • -v: Enable verbose output, providing detailed information about the process.


Granting Write Capability to a Directory:

cap_dup /bin/sh /home/user/my_dir

This command grants the write capability from the /bin/sh file to the /home/user/my_dir directory, allowing processes executed from that shell to write to the directory.

Duplicating Capabilities from a File to a Link:

cap_dup -v /etc/sudoers /etc/

With the verbose option, this command duplicates all capabilities from the /etc/sudoers file to the symbolic link /etc/

Common Issues

  • Ensure the source file has the desired capabilities before attempting duplication.
  • Verify that the target file exists and is writable by the current user.
  • Use the -v option to troubleshoot errors or obtain more information.


cap_dup can be combined with other commands to create more complex workflows:

ls -l $(cap_dup -v /bin/bash /tmp/test_file) | grep cap_sys_admin

This command chain finds and lists all files with the cap_sys_admin capability that have been duplicated from the /bin/bash file.

Related Commands

  • getcap: Get capabilities of a file or directory.
  • setcap: Set capabilities on a file or directory.
  • restorecon: Reset file capabilities to the default values.