cap_get_nsowner - Linux


cap_get_nsowner retrieves the user namespace owner details for the specified process. It determines if the process is in a user namespace and, if so, which user is the owner of the namespace.


cap_get_nsowner [--namespace-id PID/CGROUP/USERNS]


  • –namespace-id: Specifies the process, cgroup, or user namespace identifier to check. The default is the current process.


Get namespace owner for a process:

cap_get_nsowner --namespace-id PID

Get namespace owner for a user namespace:

cap_get_nsowner --namespace-id USERNS

Get namespace owner for a cgroup:

cap_get_nsowner --namespace-id CGROUP

Common Issues

  • If the process is not in a user namespace, the command will return an error.
  • If the user specified by --namespace-id does not exist, the command will also return an error.


cap_get_nsowner can be integrated with other commands to manage user namespaces effectively. For example:

# Check if a process is in a user namespace
if cap_get_nsowner --namespace-id PID >/dev/null 2>&1; then
  echo "Process $PID is in a user namespace"

Related Commands

  • unshare – Creates a user namespace.
  • usernamespaces – Linux kernel documentation on user namespaces.