'\" t
.\" Title: get_pcaps
.\" Author: [see the "AUTHORS" section]
.\" Generator: DocBook XSL Stylesheets v1.75.2
.\" Date: 09/23/2011
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
.TH "GETPCAPS" "1" "09/23/2011" "GETPCAPS" "GETPCAPS"
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
getpcaps \- List Process Capabilities
.SH "SYNOPSIS"
.HP 5
\fBgetpcaps\fR [ ...]
.SH "DESCRIPTION"
.PP
\fBgetpcaps\fR
is a simple utility to display the capabilities on the queried process(es)\&.
The capabilities are displayed in the cap_from_text(3) format\&, portions
of which are reproduced in the section "TEXTUAL REPRESENTATION" below.
.\"
.\" Section "Textual Representation" copied here from cap_from_text(3)
.\" for convenience by Christian Kastner
.\"
.SH "TEXTUAL REPRESENTATION"
A textual representation of capability sets consists of one or more
whitespace-separated
.IR clauses .
Each clause specifies some operations on a capability set; the set
starts out with all capabilities lowered, and the meaning of the
string is the state of the capability set after all the clauses have
been applied in order.
.PP
Each clause consists of a list of comma-separated capability names
(or the word
.RB ` all '),
followed by an
.IR action-list .
An action-list consists of a sequence of
.I operator flag
pairs. Legal operators are:
.RB ` = "', '" + "', and `" - "'."
Legal flags are:
.RB ` e "', `" i "', and `" p "'."
These flags are case-sensitive and specify the Effective, Inheritable
and Permitted sets respectively.
.PP
In the capability name lists, all names are case-insensitive. The
special name
.RB ` all '
specifies all capabilities; it is equivalent to a list naming every
capability individually.
.PP
Unnamed capabilities can also be specified by number. This feature
ensures that libcap can support capabilities that were not allocated
at the time libcap was compiled. However, generally upgrading libcap
will add names for recently allocated capabilities.
.PP
The
.RB ` = '
operator indicates that the listed capabilities are first reset in
all three capability sets. The subsequent flags (which are optional
when associated with this operator) indicate that the listed
capabilities for the corresponding set are to be raised. For example:
"all=p" means lower every capability in the Effective and Inheritable
sets but raise all of the Permitted capabilities;
or, "cap_fowner=ep" means raise the Effective and Permitted
override-file-ownership capability, while lowering this Inheritable
capability.
.PP
In the case that the leading operator is
.RB ` = ',
and no list of capabilities is provided, the action-list is assumed to
refer to `all' capabilities. For example, the following three
clauses are equivalent to each other (and indicate a completely empty
capability set): "all="; "="; "cap_chown,=".
.PP
The operators, `+' and `-' both require an explicit preceding
capability list and one or more explicit trailing flags. The `+'
operator will raise all of the listed capabilities in the flagged
capability sets. The `-' operator will lower all of the listed
capabilities in the flagged capability sets. For example:
"all+p" will raise all of the Permitted capabilities; "cap_fowner+p-i"
will raise the override-file-ownership capability in the Permitted
capability set and lower this Inheritable capability;
"cap_fowner+pe-i" and "cap_fowner=+pe" are equivalent.
.SH "FILES"
.PP
None
.SH "SEE ALSO"
.PP
\fBcap_from_text\fR(3).
.SH "COPYRIGHT"
Copyright \(co 1997-8,2007 Andrew G. Morgan
.br