Home/ Questions/Q 6709407
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T07:52:40+00:00

To add the cap_net_raw capability to (for eg /bin/ping), we use the following: #setcap

  • 0

To add the cap_net_raw capability to (for eg /bin/ping), we use the following:

#setcap cap_net_raw=ep /bin/ping

What is the meaning of ep and why is it required here ?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    This sets the CAP_NET_RAW bit in both the “effective” (e) and “permitted” (p) capability sets. These two sets, along with the “inheritable” set, govern the capabilities that a process has or can set.

    See more here:

    capabilities – Linux man page

    Capability Sets

    Each thread has three capability sets containing zero or more of the
    above capabilities:

    Effective – the capabilities used by the kernel to
    perform permission checks for the thread.

    Permitted – the capabilities
    that the thread may assume (i.e., a limiting superset for the
    effective and inheritable sets). If a thread drops a capability from
    its permitted set, it can never re-acquire that capability (unless it
    exec()s a set-user-ID-root program).

    inheritable – the capabilities
    preserved across an execve(2). A child created via fork(2) inherits
    copies of its parent’s capability sets. See below for a discussion of
    the treatment of capabilities during exec(). Using capset(2), a thread
    may manipulate its own capability sets, or, if it has the CAP_SETPCAP
    capability, those of a thread in another process.

    • 0