Linux Capabilities

Linux capabilities split the privileges traditionally bundled into root into distinct, independently grantable units, so a process can be given only the subset it actually needs. A program that only has to bind a low port no longer has to run as full root, which limits what an attacker gains if that program is compromised.


The Problem

  • Normal users have limited permissions. Some ordinary tasks, such as binding a socket to a port below 1024 (CAP_NET_BIND_SERVICE) or opening a raw socket (CAP_NET_RAW), traditionally required running the whole program as root (UID 0), even though it needed only that one privilege. Traditional set-UID-root binaries solve this by granting everything, which is exactly what capabilities avoid.


Linux Capability Sets

1) Effective (CapEff)

Purpose: The capabilities the process is currently using.

Meaning: The set the kernel checks when the process attempts a privileged operation. A capability can be raised into CapEff (via capset(2)) only if it is already in CapPrm.

Key Point: If a capability is not in CapEff, the process cannot use it right now, even if it holds it in CapPrm.

Memory Line:

CapEff = Permissions currently active.


2) Permitted (CapPrm)

Purpose: The maximum capabilities the process is allowed to use.

Meaning: A limiting superset of CapEff and CapInh. A process can enable capabilities from CapPrm into CapEff when needed and drop them again.

Key Point: A process cannot add a capability to CapPrm on its own. Once dropped from CapPrm, a capability can only come back through execve() of a program that grants it (file capabilities or ambient capabilities).

Memory Line:

CapPrm = Maximum allowed permissions.


3) Inheritable (CapInh)

Purpose: Capabilities that survive execve() and can be passed into the new program's permitted set.

Meaning: Used when a process starts another program and wants it to be eligible for specific privileges. At execve() the new program's CapPrm receives the intersection of the caller's CapInh and the executable's own inheritable file capability set.

Key Point: Only capabilities in CapInh can be inherited by the new program, and only if the executable's file capabilities also list them as inheritable. For a program with no file capabilities, CapInh contributes nothing, which is the gap the ambient set was added to close.

Memory Line:

CapInh = Permissions that can be inherited.


4) Bounding (CapBnd)

Purpose: Acts as the upper limit on capabilities a process can acquire.

Meaning: A capability not in CapBnd cannot be gained from file capabilities at execve() and cannot be added to CapInh. Capabilities already in CapPrm are not removed when CapBnd shrinks, but once they are dropped they cannot be regained this way.

Key Point: Dropping a capability from CapBnd (prctl(2) with PR_CAPBSET_DROP, which needs CAP_SETPCAP) is one-way and is inherited by every child process, so it prevents privilege escalation beyond a defined boundary.

Memory Line:

CapBnd = Final security ceiling.


5) Ambient (CapAmb)

Purpose: Allows capabilities to remain active after executing a new program (execve) that has no file capabilities.

Meaning: Helps non-SUID programs retain privileges across program execution: at execve() the ambient set is copied into the new image's CapPrm and CapEff. If the executed file is set-UID, set-GID, or carries file capabilities, the ambient set is cleared instead.

Key Point: A capability can be added to CapAmb (prctl(2) with PR_CAP_AMBIENT and PR_CAP_AMBIENT_RAISE) only if it is already in both CapPrm and CapInh, and it is removed from CapAmb automatically if it leaves either of those sets.

Memory Line:

CapAmb = Permissions that continue after exec.
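The interplay between the five sets is easiest to see in code. The following is an added example, not code from the original page: it decodes the Cap* lines of /proc/<pid>/status into capability names and then applies the execve() transition formulas from capabilities(7) to a constructed process, once for a plain binary (ambient caps survive) and once for a binary with file capabilities (ambient caps are cleared, CapBnd strips what the file would have granted, and CapInh only counts where the file's inheritable set agrees). The status excerpt is constructed; the model assumes a non-root caller with default securebits and ignores the UID-0 special cases.

```python
"""Decode Linux capability sets and model the execve() transition rules.

Added example (not from the original page). SAMPLE_STATUS is constructed;
execve_transition() assumes a non-root caller with default securebits and
deliberately leaves out the UID-0 special cases of capabilities(7).
"""
import re

# Capability names in bit order; list index == capability number (CAP_CHOWN = 0).
CAP_NAMES = (
    "chown dac_override dac_read_search fowner fsetid kill setgid setuid "
    "setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw "
    "ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct "
    "sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod "
    "lease audit_write audit_control setfcap mac_override mac_admin syslog "
    "wake_alarm block_suspend audit_read perfmon bpf checkpoint_restore"
).split()

SET_NAMES = ("CapInh", "CapPrm", "CapEff", "CapBnd", "CapAmb")


def cap_bit(name):
    """Bitmask for a capability name, e.g. 'net_bind_service' -> 1 << 10."""
    return 1 << CAP_NAMES.index(name)


def decode(mask):
    """Names contained in a capability bitmask, in ascending bit order."""
    return [name for i, name in enumerate(CAP_NAMES) if mask & (1 << i)]


def parse_status(text):
    """Extract the five Cap* hex masks from /proc/<pid>/status content."""
    sets = {}
    for line in text.splitlines():
        m = re.match(r"^(Cap\w+):\s*([0-9a-fA-F]+)$", line)
        if m and m.group(1) in SET_NAMES:
            sets[m.group(1)] = int(m.group(2), 16)
    missing = [s for s in SET_NAMES if s not in sets]
    if missing:
        raise ValueError("status text lacks %s" % ", ".join(missing))
    return sets


def execve_transition(proc, file_permitted=0, file_inheritable=0,
                      file_effective=False, setuid=False):
    """Capability sets of the new program image after execve(), per capabilities(7):
        P'(ambient)   = privileged file ? 0 : P(ambient)
        P'(permitted) = (P(inheritable) & F(inheritable)) | (F(permitted) & P(bounding)) | P'(ambient)
        P'(effective) = F(effective) ? P'(permitted) : P'(ambient)
        P'(inheritable), P'(bounding) unchanged.
    A file is "privileged" if it is set-UID/set-GID or carries file capabilities.
    """
    privileged = bool(setuid or file_permitted or file_inheritable)
    ambient = 0 if privileged else proc["CapAmb"]
    permitted = ((proc["CapInh"] & file_inheritable)
                 | (file_permitted & proc["CapBnd"])
                 | ambient)
    return {
        "CapInh": proc["CapInh"],
        "CapPrm": permitted,
        "CapEff": permitted if file_effective else ambient,
        "CapBnd": proc["CapBnd"],
        "CapAmb": ambient,
    }


# Constructed /proc/<pid>/status excerpt: net_bind_service in Prm/Eff/Amb,
# net_bind_service + net_raw in Inh, and a bounding set with sys_admin removed.
SAMPLE_STATUS = """\
Name:\tsvc
CapInh:\t0000000000002400
CapPrm:\t0000000000000400
CapEff:\t0000000000000400
CapBnd:\t000001ffffdfffff
CapAmb:\t0000000000000400
"""


def demo():
    proc = parse_status(SAMPLE_STATUS)
    # 1) exec a plain binary (no file caps, not set-UID): only the ambient set survives.
    plain = execve_transition(proc)
    # 2) exec a binary whose file caps say permitted=net_bind_service+sys_admin,
    #    inheritable=net_raw, effective flag set: ambient is cleared, sys_admin is
    #    dropped by CapBnd, net_raw comes in through CapInh & F(inheritable).
    capped = execve_transition(
        proc,
        file_permitted=cap_bit("net_bind_service") | cap_bit("sys_admin"),
        file_inheritable=cap_bit("net_raw"),
        file_effective=True,
    )
    return proc, plain, capped


if __name__ == "__main__":
    for label, sets in zip(("current", "after plain exec", "after file-caps exec"), demo()):
        print(label)
        for name in SET_NAMES:
            print("  %s: %s" % (name, ",".join(decode(sets[name])) or "(none)"))
```

To run it against a real process instead of the constructed sample, feed parse_status() the contents of /proc/self/status (or compare its output with capsh --decode, which prints the same names with a cap_ prefix). The second scenario is the one to remember: file capabilities can only grant what CapBnd still allows, and any ambient capabilities are lost the moment a privileged binary is executed.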
