Visit Our UNIX and Linux User Community

Linux and UNIX Man Pages

Test Your Knowledge in Computers #938
Difficulty: Medium
The ping utility was written by Mike Muuss in December 1983.
True or False?
Linux & Unix Commands - Search Man Pages

captest(8) [centos man page]

CAPTEST:(8)						  System Administration Utilities					       CAPTEST:(8)

NAME
captest - a program to demonstrate capabilities SYNOPSIS
captest [ --drop-all | --drop-caps | --id ] [ --lock ] [ --text ] DESCRIPTION
captest is a program that demonstrates and prints out the current process capabilities. Each option prints the same report. It will output current capabilities. then it will try to access /etc/shadow directly to show if that can be done. Then it creates a child process that attempts to read /etc/shadow and outputs the results of that. Then it outputs the capabilities that a child process would have. You can also apply file system capabilities to this program to study how they work. For example, filecap /usr/bin/captest chown. Then run captest as a normal user. Another interesting test is to make captest suid root so that you can see what the interaction is between root's credentials and capabilities. For example, chmod 4755 /usr/bin/captest. When run as a normal user, the program will see if privilege esca- lation is possible. But do not leave this app setuid root after you are don testing so that an attacker cannot take advantage of it. OPTIONS
--drop-all This drops all capabilities and clears the bounding set. --drop-caps This drops just traditional capabilities. --id This changes to uid and gid 99, drops supplemental groups, and clears the bounding set. --text This option outputs the effective capabilities in text rather than numerically. --lock This prevents the ability for child processes to regain privileges if the uid is 0. SEE ALSO
filecap(8), capabilities(7) AUTHOR
Steve Grubb Red Hat June 2009 CAPTEST:(8)

Check Out this Related Man Page

CAPTEST:(8)						  System Administration Utilities					       CAPTEST:(8)

NAME
captest - a program to demonstrate capabilities SYNOPSIS
captest [ --drop-all | --drop-caps | --id ] [ --lock ] [ --text ] DESCRIPTION
captest is a program that demonstrates and prints out the current process capabilities. Each option prints the same report. It will output current capabilities. then it will try to access /etc/shadow directly to show if that can be done. Then it creates a child process that attempts to read /etc/shadow and outputs the results of that. Then it outputs the capabilities that a child process would have. You can also apply file system capabilities to this program to study how they work. For example, filecap /usr/bin/captest chown. Then run captest as a normal user. Another interesting test is to make captest suid root so that you can see what the interaction is between root's credentials and capabilities. For example, chmod 4755 /usr/bin/captest. When run as a normal user, the program will see if privilege esca- lation is possible. But do not leave this app setuid root after you are don testing so that an attacker cannot take advantage of it. OPTIONS
--drop-all This drops all capabilities and clears the bounding set. --drop-caps This drops just traditional capabilities. --id This changes to uid and gid 99, drops supplemental groups, and clears the bounding set. --text This option outputs the effective capabilities in text rather than numerically. --lock This prevents the ability for child processes to regain privileges if the uid is 0. SEE ALSO
filecap(8), capabilities(7) AUTHOR
Steve Grubb Red Hat June 2009 CAPTEST:(8)

5 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Redirecting several outputs to /dev/stdout

I have an executable that, depending on its input, outputs to either one file or several. It usually prints nothing on screen. The usual way to call this program is to specify an input and output filenames, like this: ./executable.exe -i inputfile -o outputfileIt will then try to use the output... (1 Reply)
Discussion started by: aplaydoc
1 Replies

2. SCO

Slow Processing - not matching hardware capabilities

I have been a SCO UNIX user, never an administrator...so I am stumbling around looking for information. I don't know too much about what is onboard in terms of hardware, however; I will try my best. We have SCO 5.07 and have applied MP5. We have a quad core processor with 4 250 GB... (1 Reply)
Discussion started by: atpbrownie
1 Replies

3. Shell Programming and Scripting

Variable comparison

Can anyone help me with this section of code? The scenario is a value drops from A to B or A to C or B to C. If it drops from A to B or B to C, we print "Drop one level" If it drops from A to C, we print "Dropped two levels". The problem is script is throwing error when comparing variable... (2 Replies)
Discussion started by: sundar63
2 Replies

4. Shell Programming and Scripting

How to give root access to non root user?

Currently in my system Red Hat is installed. And Many user connect to my machine via SSH Techia Terminal. I want to give some users a root level access. Can anyone please help me how to make it possible. I too searched on the Google but didn't find the correct way Regards ADI (4 Replies)
Discussion started by: adisky123
4 Replies

5. UNIX for Dummies Questions & Answers

Can you gain root privileges if the suid program does not belong to root?

I had a question in my test which asked where suppose user B has a program with 's' bit set. Can user A run this program and gain root privileges in any way? I suppose not as the suid program run with privileges of owner and this program will run with B's privileges and not root. (1 Reply)
Discussion started by: syncmaster
1 Replies

Featured Tech Videos