# setcap
# Set capabilities of specified file.
# See also: `tldr getcap`.
# More information: <https://manned.org/setcap>.
# Set capability `cap_net_raw` (to use RAW and PACKET sockets) for a given file:
setcap 'cap_net_raw' path/to/file
# Set multiple capabilities on a file (ep behind the capability means "effective permitted"):
setcap 'cap_dac_read_search,cap_sys_tty_config+ep' path/to/file
# Remove all capabilities from a file:
setcap -r path/to/file
# Verify that the specified capabilities are currently associated with the specified file:
setcap -v 'cap_net_raw' path/to/file
# The optional `-n {{rootuid}}` argument can be used to set the file capability for use only in a user namespace with this root user ID owner:
setcap -n rootuid 'cap_net_admin' path/to/file
$
cheat.sh
tldr