CAPTEST:(8) System Administration Utilities CAPTEST:(8)NAME
captest - a program to demonstrate capabilities
SYNOPSIS
captest [ --drop-all | --drop-caps | --id ] [ --lock ] [ --text ]
DESCRIPTION
captest is a program that demonstrates and prints out the current process capabilities. Each option prints the same report. It will output
current capabilities. then it will try to access /etc/shadow directly to show if that can be done. Then it creates a child process that
attempts to read /etc/shadow and outputs the results of that. Then it outputs the capabilities that a child process would have.
You can also apply file system capabilities to this program to study how they work. For example, filecap /usr/bin/captest chown. Then run
captest as a normal user. Another interesting test is to make captest suid root so that you can see what the interaction is between root's
credentials and capabilities. For example, chmod 4755 /usr/bin/captest. When run as a normal user, the program will see if privilege esca-
lation is possible. But do not leave this app setuid root after you are don testing so that an attacker cannot take advantage of it.
OPTIONS --drop-all
This drops all capabilities and clears the bounding set.
--drop-caps
This drops just traditional capabilities.
--id This changes to uid and gid 99, drops supplemental groups, and clears the bounding set.
--text This option outputs the effective capabilities in text rather than numerically.
--lock This prevents the ability for child processes to regain privileges if the uid is 0.
SEE ALSO filecap(8), capabilities(7)AUTHOR
Steve Grubb
Red Hat June 2009 CAPTEST:(8)
Check Out this Related Man Page
CAPTEST:(8) System Administration Utilities CAPTEST:(8)NAME
captest - a program to demonstrate capabilities
SYNOPSIS
captest [ --drop-all | --drop-caps | --id ] [ --lock ] [ --text ]
DESCRIPTION
captest is a program that demonstrates and prints out the current process capabilities. Each option prints the same report. It will output
current capabilities. then it will try to access /etc/shadow directly to show if that can be done. Then it creates a child process that
attempts to read /etc/shadow and outputs the results of that. Then it outputs the capabilities that a child process would have.
You can also apply file system capabilities to this program to study how they work. For example, filecap /usr/bin/captest chown. Then run
captest as a normal user. Another interesting test is to make captest suid root so that you can see what the interaction is between root's
credentials and capabilities. For example, chmod 4755 /usr/bin/captest. When run as a normal user, the program will see if privilege esca-
lation is possible. But do not leave this app setuid root after you are don testing so that an attacker cannot take advantage of it.
OPTIONS --drop-all
This drops all capabilities and clears the bounding set.
--drop-caps
This drops just traditional capabilities.
--id This changes to uid and gid 99, drops supplemental groups, and clears the bounding set.
--text This option outputs the effective capabilities in text rather than numerically.
--lock This prevents the ability for child processes to regain privileges if the uid is 0.
SEE ALSO filecap(8), capabilities(7)AUTHOR
Steve Grubb
Red Hat June 2009 CAPTEST:(8)
RULES OF THE UNIX AND LINUX FORUMS
For the latest version of the community rules (the official community rules page), please visit here.
No flames, shouting (all caps), sarcasm, bullying, profanity or arrogant posts.
No negative comments about others or impolite remarks. Be patient. No... (1 Reply)
I see lot of ad-hoc shell scripts in our servers which don't have a shebang at the beginning .
Does this mean that it will run on any shell ?
Is it a good practice to create scripts (even ad-hoc ones) without shebang ? (16 Replies)
Hi everyone,
I know the following questions are noobish questions but I am asking them because I am confused about the basics of history behind UNIX and LINUX.
Ok onto business, my questions are-:
Was/Is UNIX ever an open source operating system ?
If UNIX was... (21 Replies)
Dear all,
I use awk quite a bit for data wrangling ... today I find weird behavior that I cannot wrap my head around.
if I execute the following command (simplified to illustrate the behavior ... nothing to do with the real command)
bash-3.2$ awk... (3 Replies)
I have a file hello.txt which i wish to send as a email body (not attachment).
cat -ev hello.txt
1$
2$
3$
I use the following command to send the hello.txt as the email body.
mailx -s "Alert" myteam@mycomp.com<hello.txt
However, the email received has this in the email body
123... (2 Replies)
I've "installed" LM 19.1 to a PNY 16Gb(2.0) pendrive. I have a few issues that I'd like to resolve. First and foremost, the O.S. experiences "lagging" issues and to a lesser degree, freezing. Example: Complete "boot-up" (from start to complete "home" page) can take upwards of 7 mins. Then when... (10 Replies)
Morning All
So, I am starting looking into the world of UNIX for a new job (luckily not my primary function!) and I am looking to get stared. Like anything I seem to learn best by trying things out first in an environment but I have a key question:
Currently I use Oracle VirtualBox, can... (8 Replies)
I've installed Slack 14.2 on /dev/sda1 (/dev/sda2 is swap) and FreeBSD 12 on /dev/sda3 and lilo is the boot manager.
FreeBSD slices are as follows;
/ on /dev/ada0S3a, swap on /dev/ada0s3e, /var on /dev/ada0s3b, /tmp on /dev/ada0s3d and /usr on /dev/ada0s3f.
I hesitate to install Solaris 10... (2 Replies)
In a professional environment with traditional application you often want (or are asked) to report the users.
Traditionally there is the who command
who | awk '{print $1}'telnetd or sshd register the users in the utmp file, to be shown with who, w, users, finger, pinky, ...
In addition they... (1 Reply)