capng_have_capability - Linux


The capng_have_capability command examines a capability set and reports whether a specified capability is present. It’s primarily used for checking if a process has specific capabilities, typically in security-sensitive contexts or privilege escalation scenarios.


capng_have_capability CAPABILITY_SET CAPABILITY


  • CAPABILITY_SET: The capability set to be examined, typically represented as a comma-separated list of capability names or as a hexadecimal mask.
  • CAPABILITY: The specific capability to check for, using a capability name or a decimal value.


This command has no specific options or flags.


Check if the current process has the CAP_SYS_ADMIN capability:

capng_have_capability "`cap_get_proc()" CAP_SYS_ADMIN

Examine if a capability set contains the CAP_NET_BIND_SERVICE capability:

capng_have_capability "11e0000,cap_net_bind_service+ep" CAP_NET_BIND_SERVICE

Common Issues

  • Ensure that the specified capability set is valid and adheres to the standard format.
  • Verify that the specified capability is recognized by the system and supported for examination.
  • Be aware that the presence or absence of a capability may vary depending on the process’s privileges and the security policy in place.


This command can be integrated into scripts or automation processes that require capability checking. It can be combined with other commands, such as capng_get_proc() to retrieve a process’s capability set or capng_print() to display a capability set in a human-readable format.

Related Commands

  • capng_get_proc()
  • capng_print()
  • getcap()