cap_get_pid - Linux


cap_get_pid is a command-line utility that retrieves the capabilities of a running process. It provides a detailed overview of the permissions granted to the process, allowing users to check and verify its security context.


cap_get_pid [-h] [-v] [-p PID]


  • -h, --help: Display usage information.
  • -v, --verbose: Enable verbose output, including the full list of capabilities.
  • -p PID, --pid PID: Specify the process ID of the target process. Defaults to the invoking process’ PID if not specified.


Get capabilities of the current process:


Verbosely display capabilities of PID 1234:

cap_get_pid -vp 1234

Check if a specific capability is enabled for PID 4567:

cap_get_pid -p 4567 | grep CAP_SYS_ADMIN

Common Issues

  • Permission denied: Ensure you have root privileges or appropriate authorization to access process capabilities.
  • Invalid PID: Verify that the specified PID is valid and running.
  • No output: If no output is displayed, check that the specified PID has any capabilities.


cap_get_pid can be used in conjunction with other commands to analyze and manage process permissions. For instance:

  • strace -e trace=capable cap_get_pid: Trace the syscalls made by cap_get_pid.
  • find /proc -maxdepth 1 -type d -exec cap_get_pid -p {} \;: Check capabilities for all running processes.

Related Commands

  • cap_set_pid: Set the capabilities of a process.
  • getcap: Retrieve capabilities from a file.
  • setcap: Set capabilities on a file.