Hardened/Overview of POSIX capabilities

POSIX capabilities partition the all-powerful root privilege into a set of distinct privileges:

CAP_CHOWN

CAP_DAC_OVERRIDE

CAP_DAC_READ_SEARCH

CAP_FOWNER

CAP_FSETID

CAP_FS_MASK

CAP_KILL

CAP_SETGID

CAP_SETUID

CAP_SETPCAP

CAP_LINUX_IMMUTABLE

CAP_NET_BIND_SERVICE

CAP_NET_BROADCAST

CAP_NET_ADMIN

CAP_NET_RAW

CAP_IPC_LOCK

CAP_IPC_OWNER

CAP_SYS_MODULE

CAP_SYS_RAWIO

CAP_SYS_CHROOT

CAP_SYS_PTRACE

CAP_SYS_PACCT

CAP_SYS_ADMIN

CAP_SYS_BOOT

CAP_SYS_NICE

CAP_SYS_RESOURCE

CAP_SYS_TIME

CAP_SYS_TTY_CONFIG

CAP_MKNOD

CAP_LEASE

Acknowledgements
We would like to thank the following authors and editors for their contributions to this guide:


 * Ned Ludd
 * Adam Mondl