.\" Copyright (c) 2023 Matthew Dillon <dillon@backplane.com>
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $DragonFly$
.\"
.Dd October 12, 2023
.Dt SETCAPS 1
.Os
.Sh NAME
.Nm setcaps
.Nd set capability restrictions on calling process
.Sh SYNOPSIS
.Nm
.Op Fl lpqh
.Op cap[:es] ...
.Sh DESCRIPTION
The
.Nm
utility sets capability restrictions on the parent process, which is
typically the shell that ran this program.
By default the SELF and EXEC
flags are both set.
.Pp
When specifying capabilities to set, a colon extension may be used to
override the default restrictions.
.Pp
.Sh OPTIONS
The options are as follows:
.Bl -tag -width indent
.It Fl l
List current capabilities.
.It Fl p
Print a list of all available capabilities.
.It Fl q
Do not complain if a specified capability is not available.
.It Fl h
Print help and exit.
.El
.Sh FLAGS
.Bl -tag -width indent
.It Li :s
Sets the SELF flag.
The capability restriction is applied to the
calling process.
However, SELF restrictions are not transferred
upon exec unless the EXEC flag is also specified.
.It Li :e
Sets the EXEC flag.
The capability restriction is applied to any
programs exec'd by the calling process.
EXEC becomes SELF when a
program is exec'd.
The EXEC flag remains set.
Note that fork alone does not activate EXEC flagged restrictions.
.It Li :se
Both flags may be specified (this is the default for each capability
listed without specified flags).
.El
.Sh EXIT STATUS
.Nm
will exit 1 on error, and 0 on success.
.Sh EXAMPLES
.Li setcaps restricted_root
.Li setcaps restricted_root:se sensitive_root:se
.Sh SEE ALSO
.Xr syscap_set 2 ,
.Xr syscap_get 2
.Sh HISTORY
The
.Nm
utility appeared in
.Dx 6.5
.Sh AUTHORS
The
.Nm
utility was written by
Matthew Dillon