How to use CAP_SYS_ADMIN

About

Asked 22/10, 2014 at 9:34 Answered 8/7, 2015 at 11:41

Can somebody please explain to me how to use or set CAP_SYS_ADMIN in c? I need that capability to unmount a usb drive but don't know how to use it.

Tomas answered 22/10, 2014 at 9:34 Comment(0)

Here's how to do it using the command-line:

$  sudo setcap cap_sys_admin+ep executable-name

and

$ getcap executable-name
executable-name = cap_sys_admin+ep

You, of course, need the libcap package.

A good place to learn how to do it in C would be the source for setcap which is here

Heyward answered 8/7, 2015 at 11:41 Comment(2)

How do I set it back? If I do $ getcap /usr/bin/ffmpeg I get empty return. So how do I remove that capability? – Elseelset 19/5, 2021 at 17:16

@Elseelset an empty return means capabilities aren't set on the file so there is nothing to remove. The +ep in the example sets it and you would use -ep to remove it. The meaning of the flags are "effective" and "permitted" and you can read more on man 7 capabilities. The syntax of the commands is described by man 3 cap_from_text. – Heyward 20/5, 2021 at 8:54

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags