capability - user capability database
The file /etc/capability describes the default capability set a user may
have when logging onto the system, and the maximum capability set a user
may have when logging onto the system or using the su(1M) command. There
is one entry for each user. Each entry is separated from the next by a
newline. Each field within each entry is separated by a colon. An entry
beginning with # is ignored.
The capability file contains the following information for each user:
name
     User's login name. This must exactly match the corresponding
     entry in /etc/passwd.
default capability set
     The default capability set a user gets when logging onto the
     system. This consists of a capability set in a form acceptable
maximum capability set
     The maximum capability set a user may specify when logging onto
     the system, or when using su(1M). This field has the same form
     as the default field. This field should be a superset of the
Here is a sample /etc/capability file:
In this example, there are specific entries for users root and auditor,
to assure that they have non-empty capability sets when logging in, and
that they can acquire all the capabilities they need when necessary.
There is also a specific entry for user jenny, who has an empty
capability set by default, but can request CAP_DAC_READ_SEARCH capability
cap_from_text(3C), chcap(1), login(1), passwd(1), su(1M).
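The entry format described above (one entry per line, three colon-separated fields, # entries ignored, name matching /etc/passwd exactly) can be checked with a short audit script. This is an added example, not part of the original manual page; the function names and sample data are constructed, and the capability-set fields are placeholders treated as opaque text because this page does not reproduce their syntax.

```python
# Added example: structural audit of /etc/capability-style text.
# Capability-set fields are kept as opaque strings and are not parsed.

def parse_passwd_names(passwd_text):
    """Return the set of login names found in passwd-format text."""
    names = set()
    for line in passwd_text.splitlines():
        if line.strip():
            names.add(line.split(":", 1)[0])
    return names

def audit_capability(cap_text, passwd_names):
    """Return (entries, problems); problems is a list of (line number, message)."""
    entries, problems = {}, []
    for lineno, line in enumerate(cap_text.splitlines(), 1):
        if line.startswith("#"):
            continue  # an entry beginning with # is ignored
        if not line.strip():
            continue  # assumption: blank lines are skipped as well
        fields = line.split(":")
        if len(fields) != 3:
            problems.append((lineno, f"expected 3 fields, got {len(fields)}"))
            continue
        name, default, maximum = fields
        if name in entries:  # the file holds one entry for each user
            problems.append((lineno, f"duplicate entry for {name}"))
            continue
        if name not in passwd_names:  # exact, case-sensitive match required
            problems.append((lineno, f"{name} has no exact match in passwd"))
        entries[name] = (default, maximum)
    return entries, problems

# Constructed sample input; the set fields are placeholders, not real syntax.
SAMPLE_PASSWD = """root:x:0:0:root:/:/bin/sh
auditor:x:11:11:auditor:/auditor:/bin/sh
jenny:x:1001:20:jenny:/usr/people/jenny:/bin/sh
"""
SAMPLE_CAPABILITY = """# constructed sample
root:<default-set>:<maximum-set>
auditor:<default-set>:<maximum-set>
Jenny:<default-set>:<maximum-set>
root:<default-set>:<other-set>
guest:<default-set>
"""

if __name__ == "__main__":
    names = parse_passwd_names(SAMPLE_PASSWD)
    for lineno, message in audit_capability(SAMPLE_CAPABILITY, names)[1]:
        print(f"line {lineno}: {message}")
```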