Capabilities 0 through 7 are defined (in draft form) by POSIX; the rest are
Linux-specific.
Name | Number | Description |
CAP_CHOWN | 0 | Override restrictions on changing file ownership |
CAP_DAC_OVERRIDE | 1 | Override access restrictions on files |
CAP_DAC_READ_SEARCH | 2 | Override restrictions on read and search of files and directories |
CAP_FOWNER | 3 | Override restrictions on files when owned by process |
CAP_FSETID | 4 | Allow setting setuid bits (not implemented) |
CAP_KILL | 5 | Allow sending signals to processes owned by others |
CAP_SETGID | 6 | Allow group ID manipulation |
CAP_SETUID | 7 | Allow user id manipulation |
CAP_SETPCAP | 8 | Transfer capabilities to other processes |
CAP_LINUX_IMMUTABLE | 9 | Allow modification of immutable and append-only file attributes |
CAP_NET_BIND_SERVICE | 10 | Allow binding to sockets below 1024 |
CAP_NET_BROADCAST | 11 | Allow network broadcasting and multicast access |
CAP_NET_ADMIN | 12 | Allow net admin tasks - interfaces, firewalls, routing, ... |
CAP_NET_RAW | 13 | Allow use of raw sockets |
CAP_IPC_LOCK | 14 | Allow locking of memory segments |
CAP_IPC_OWNER | 15 | Override IPC ownership checks |
CAP_SYS_MODULE | 16 | Insert and remove kernel modules |
CAP_SYS_RAWIO | 17 | Allow access to ioperm and iopl |
CAP_SYS_CHROOT | 18 | Allow use of chroot() |
CAP_SYS_PTRACE | 19 | Allow tracing of any process |
CAP_SYS_PACCT | 20 | Allow configuration of process accounting |
CAP_SYS_ADMIN | 21 | Many sys admin tasks: mount, quotas, swapping, much more |
CAP_SYS_BOOT | 22 | Allow rebooting the system |
CAP_SYS_NICE | 23 | Allow raising priority, setting other process priority |
CAP_SYS_RESOURCE | 24 | Override resource limits |
CAP_SYS_TIME | 25 | Allow changing the system clock |
CAP_SYS_TTY_CONFIG | 26 | Allow configuration of tty devices |