cap_get_file - Linux


The cap_get_file command is a tool used to retrieve the capabilities associated with a regular file. These capabilities define the extended privileges or permissions that can be exercised on a file beyond the standard file permissions. cap_get_file is commonly utilized to analyze file access rights and investigate potential security vulnerabilities.


cap_get_file [-v] <file>


-v, –verbose
Print detailed information about each capability.


Display capabilities of a file named ‘sensitive.txt’:

cap_get_file sensitive.txt

Verbose output with details on each capability:

cap_get_file -v sensitive.txt

Common Issues

  • Incorrect file path or non-existent files will result in an error.
  • Ensure you have sufficient privileges (e.g., root user) to retrieve file capabilities.


cap_get_file can integrate with other commands for advanced analysis:

Get capabilities and filter by specific flag:

cap_get_file sensitive.txt | grep inherit

Chain cap_get_file with ls to list files with specific capabilities:

find . -type f | xargs --no-run-if-empty cap_get_file | grep -E "inherit|keep"

Related Commands

  • getcap(1): Retrieve and display capabilities for various objects.
  • setcap(1): Set capabilities on files.
  • Capabilities HOWTO: In-depth documentation on Linux capabilities.