CAPTEST:(8) System Administration Utilities CAPTEST:(8)

NAME
captest - a program to demonstrate capabilities

SYNOPSIS
captest [ --ambient --drop-all | --drop-caps | --id ] [ --init-grp ] [ --lock ] [ --text ]

DESCRIPTION
captest is a program that demonstrates and prints out the current
process capabilities. Each option prints the same report. It will
output current capabilities. Then it will try to access
/etc/shadow directly to show if that can be done. Then it creates
a child process that attempts to read /etc/shadow and outputs the
results of that. Then it outputs the capabilities that a child
process would have.

You can also apply file system capabilities to this program to
study how they work. For example, filecap /usr/bin/captest chown.
Then run captest as a normal user. Another interesting test is to
make captest suid root so that you can see what the interaction is
between root's credentials and capabilities. For example, chmod
4755 /usr/bin/captest. When run as a normal user, the program will
see if privilege escalation is possible. But do not leave this app
setuid root after you are done testing so that an attacker cannot
take advantage of it.
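
An added example, not part of the libcap-ng man page: a shell function that checks whether the setuid/setgid bits or file capabilities from the experiments above are still on the binary once testing is over. The function name captest_leftovers is hypothetical, and the capability check assumes getcap from libcap is installed.

```shell
#!/bin/sh
# Added example (not from libcap-ng): report test privileges still attached
# to a binary such as /usr/bin/captest after chmod 4755 or filecap experiments.

# Prints one line per finding. Returns 0 when the file is clean, 1 when a
# setuid/setgid bit or file capability remains, 2 when it cannot be examined.
captest_leftovers() {
    f=$1
    rc=0
    [ -f "$f" ] || { echo "$f: not a regular file" >&2; return 2; }

    # chmod 4755 sets the setuid bit; setgid is checked for completeness.
    if [ -u "$f" ]; then
        echo "$f: setuid bit set (undo: chmod u-s $f)"
        rc=1
    fi
    if [ -g "$f" ]; then
        echo "$f: setgid bit set (undo: chmod g-s $f)"
        rc=1
    fi

    # File capabilities applied with filecap are stored in an extended attribute.
    # Assumption: getcap is available; it prints nothing for a file
    # that carries no capabilities.
    if command -v getcap >/dev/null 2>&1; then
        caps=$(getcap "$f" 2>/dev/null) || true
        if [ -n "$caps" ]; then
            echo "$caps (undo: filecap $f none)"
            rc=1
        fi
    else
        echo "$f: getcap not found, file capabilities not checked" >&2
    fi
    return $rc
}

# Check the path given as the first argument, if any.
if [ -n "${1:-}" ]; then
    captest_leftovers "$1"
fi
```

Saved as a script and run with /usr/bin/captest as its argument, it exits non-zero while any test privilege is still in place.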

OPTIONS
--ambient
       This attempts to add CAP_CHOWN ambient capability.

--drop-all
       This drops all capabilities including ambient and clears
       the bounding set.

--drop-caps
       This drops just traditional capabilities.

--id
       This changes to uid and gid 99, drops supplemental groups,
       and clears the bounding set.

--init-grp
       This changes to uid and gid 99 and then adds any
       supplemental groups that come with that account. You would
       have to add them prior to testing because by default there
       are no supplemental groups on account 99.

--text
       This option outputs the effective capabilities in text
       rather than numerically.

--lock
       This prevents child processes from regaining privileges
       if the uid is 0.

SEE ALSO
filecap(8), capabilities(7)

AUTHOR
Steve Grubb

COLOPHON
This page is part of the libcap-ng (capabilities commands and
library (NG)) project. Information about the project can be found
at ⟨https://people.redhat.com/sgrubb/libcap-ng/⟩. It is not known
how to report bugs for this man page; if you know, please send a
mail to [email protected]. This page was obtained from the
tarball fetched from
⟨https://people.redhat.com/sgrubb/libcap-ng/index.html⟩ on
2025-08-11. If you discover any rendering problems in this HTML
version of the page, or you believe there is a better or more up-
to-date source for the page, or you have corrections or
improvements to the information in this COLOPHON (which is not
part of the original manual page), send a mail to
[email protected]
Red Hat Sept 2020 CAPTEST:(8)