cap_free - Linux


cap_free removes capabilities from a file or directory. Capabilities allow users to perform certain privileged operations that would normally require root access.


cap_free [-v] file ...


  • -v verbose output


To remove the CAP_SYS_ADMIN capability from /tmp/secret, use:

cap_free -v /tmp/secret

To remove all capabilities from a directory, use:

cap_free -v /some/directory

Common Issues

If you see an error saying "Operation not permitted", ensure you have sufficient permissions to modify the file or directory.


cap_free can be used with other commands to manage capabilities. For example, you can use cap_free to remove capabilities from a file before copying it to a different location:

cap_free -v /tmp/secret && cp /tmp/secret /backup

Related Commands

  • cap_bound – Set file capability bounds
  • cap_chown – Change file capability owner
  • cap_get – Get file capabilities
  • cap_set – Set file capabilities