cap_free - Linux
Overview
cap_free removes capabilities from a file or directory. Capabilities allow users to perform certain privileged operations that would normally require root access.
Syntax
cap_free [-v] file ...
Options/Flags
- -v verbose output
Examples
To remove the CAP_SYS_ADMIN
capability from /tmp/secret
, use:
cap_free -v /tmp/secret
To remove all capabilities from a directory, use:
cap_free -v /some/directory
Common Issues
If you see an error saying "Operation not permitted", ensure you have sufficient permissions to modify the file or directory.
Integration
cap_free can be used with other commands to manage capabilities. For example, you can use cap_free
to remove capabilities from a file before copying it to a different location:
cap_free -v /tmp/secret && cp /tmp/secret /backup
Related Commands
- cap_bound – Set file capability bounds
- cap_chown – Change file capability owner
- cap_get – Get file capabilities
- cap_set – Set file capabilities