capget - Linux

Overview

The capget command retrieves the effective capabilities of a specified process or user. It is a versatile tool for examining capability configurations in Linux systems.

Syntax

capget [options] <pid>
capget [options] <user>

Options/Flags

• -c: Display capabilities in a human-readable format instead of numeric.
• -e: Retrieve capabilities for the invoking process or user if no target is specified.
• -v: Verbose mode for additional information about retrieved capabilities.

Examples

Get capabilities of a PID:

capget 1234

Get capabilities of a user:

capget -c alice

Determine if a process has a specific capability:

capget -v -c 1234 | grep CAP_NET_ADMIN

Common Issues

• Permission denied: Ensure you have sufficient privileges (e.g., root user) to retrieve capabilities.
• No running process: Specify a valid PID when targeting a process.
• User not found: Verify the existence of the user specified as a target.

Integration

• Use capget with setcap to modify capabilities of a file or process.
• Integrate capget into shell scripts to automate capability management tasks.

Related Commands

• setcap: Modify the capabilities of a file or process.
• cap_mkremap: Create a new capability mapping.
• Kernel Capabilities: Official Linux kernel documentation on capabilities.