cap_fill - Linux


cap_fill is a Linux tool for adjusting the file capabilities of a specified file or directory. It’s commonly used to grant specific permissions or alter the access control of files and directories.


cap_fill [-chv] [-a capability-set] [-d capability-set] [-t capability-set] [-r capability-set] FILE...


  • -a: Append specified capabilities to the file’s current set.
  • -c: Convert the capability set to a human-readable form.
  • -d: Remove specified capabilities from the file’s current set.
  • -h: Display help message.
  • -r: Replace the file’s current capability set with the specified set.
  • -t: Display a more verbose output for the capability set.
  • -v: Enable verbose mode for displaying additional information.


Granting additional capabilities to a file:

$ cap_fill -a cap_sys_admin myfile

Removing specific capabilities from a directory:

$ cap_fill -d cap_chown,cap_fowner mydir

Replacing the entire capability set of a file:

$ cap_fill -r cap_net_bind_service,cap_net_admin example.txt

Common Issues

  • Ensure you have sufficient permissions to modify the file’s capabilities.
  • Double-check the syntax and ensure all arguments are correct.
  • If the command doesn’t seem to take effect, check the file’s permissions and ensure the updated capabilities are reflected.


cap_fill can be combined with other commands to manage file permissions and capabilities effectively. For instance:

$ find /tmp -type f -exec cap_fill -t {} \;

This command displays the detailed capabilities of every regular file under /tmp, including files in its subdirectories, because find descends recursively.

Related Commands

  • getcap: Retrieves the capabilities of a specified file or directory.
  • setcap: Modifies file capabilities permanently.
  • lscap: Lists the capabilities of a specified file or directory.
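
To review which files carry broad capabilities after a change, the output of getcap (listed above) can be filtered. The script below is an added example, not part of the original page or of any tool it describes; the function names and the HIGH_RISK list are assumptions, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example, not from the original page. HIGH_RISK is an assumed review
# list taken from the capabilities named in this page's examples.
HIGH_RISK="cap_sys_admin cap_net_admin cap_chown cap_fowner"

# flag_caps: read getcap-style lines on stdin, print "path<TAB>capability" for
# each high-risk capability. Accepts both layouts getcap has printed:
#   /path = cap_x,cap_y+ep    and    /path cap_x,cap_y=ep
flag_caps() {
    while IFS= read -r line; do
        path=$line
        clauses=""
        # Peel capability clauses off the right; the remainder is the path,
        # which may itself contain spaces.
        while :; do
            last=${path##* }
            [ "$last" != "$path" ] || break       # no separator left
            case $last in
                *[!a-z0-9_,=+-]*) break ;;        # not clause text
                *[=+-]*) clauses="$last $clauses"; path=${path% *} ;;
                *) break ;;
            esac
        done
        for clause in $clauses; do
            names=${clause%%[=+-]*}               # capability names
            rest=${clause#*[=+-]}                 # flag letters (e, i, p)
            if [ -z "$names" ] || [ "$names" = all ]; then
                # "=ep" or "all=ep" grants every capability; bare "=" grants none
                [ -z "$rest" ] || printf '%s\tall\n' "$path"
                continue
            fi
            for cap in $HIGH_RISK; do
                case ",$names," in
                    *",$cap,"*) printf '%s\t%s\n' "$path" "$cap" ;;
                esac
            done
        done
    done
}

# Constructed sample input; on a real host pipe in: getcap -r /some/dir 2>/dev/null
sample_report() {
    flag_caps <<'EOF'
/usr/bin/ping cap_net_raw=ep
/opt/tool = cap_sys_admin+ep
/srv/my app/helper cap_net_bind_service,cap_net_admin=ep
/tmp/everything =ep
EOF
}
sample_report
```

Clauses that subtract flags (for example `cap_x-ep`) are still reported, so the result errs toward review rather than silence.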

For official documentation, refer to the Linux kernel website at