capng_have_capabilities - Linux


capng_have_capabilities is a security-related command in Linux used to determine whether a process has specific capabilities. It can be particularly useful in debugging capability-related issues, checking for privileged operations, and enhancing application security.


capng_have_capabilities [OPTIONS] [EFFECTIVE | BOUNDING | PERMITTED]


| Option | Default Value | Description |
| -e, –effective | n/a | Check effective capabilities |
| -b, –bounding | n/a | Check bounding capabilities |
| -p, –permitted | n/a | Check permitted capabilities |


# Check if the current process has CAP_NET_ADMIN capability
capng_have_capabilities CAP_NET_ADMIN

# Check if the process has CAP_SYS_ADMIN capability in its bounding set
capng_have_capabilities -b CAP_SYS_ADMIN

Common Issues

  • Insufficient privileges: This command requires root privileges to check capabilities.
  • Invalid capability: If the provided capability name is invalid, the command will return an error.


capng_have_capabilities can be used in conjunction with other commands:

  • getcap to display capabilities associated with a file or process
  • setcap to modify capabilities of a file or process
  • capsh to enter a new capability environment

Related Commands

  • capflags
  • capsh
  • getcap
  • setcap