capng_fill - Linux


capng_fill is a powerful Linux command that allows users to fill a capability set with capabilities. It is primarily used for managing and manipulating capabilities in Linux systems, enabling fine-grained control over the permissions granted to processes and users.


capng_fill [options] [cap1] [cap2] [...]


  • -f: Fill the capability set by matching the specified capabilities to a given file or directory.
  • -a: Add the specified capabilities to the existing capability set.
  • -r: Remove the specified capabilities from the existing capability set.


Fill a capability set with specific capabilities:

capng_fill setcap 1 2 3

Add capabilities to an existing set:

capng_fill -a setcap 4

Remove capabilities from an existing set:

capng_fill -r setcap 2 3

Common Issues

  • Incorrect capability names: Ensure that the specified capabilities are valid and match the desired functionality.
  • Permission denied: Verify that the user has sufficient privileges to modify capabilities.
  • Conflicting capabilities: Consider the implications of combining different capabilities and potential conflicts that may arise.


capng_fill can be combined with other commands like setcap for applying capability sets to processes or files. For example:

setcap $(capng_fill chown,mknod,dac_override) /bin/my_script

Related Commands

  • getcap: Get the capabilities associated with a file or process.
  • setcap: Set the capabilities of a file or process.
  • capabilities(7): Linux man page on Linux capabilities.