1 .TH SETPRIV 1 "January 2013" "util-linux" "User Commands"
3 setpriv \- run a program with different Linux privilege settings
10 Sets or queries various Linux privilege settings that are inherited across
14 \fB\-d\fR, \fB\-\-dump\fR
15 Dumps current privilege state. Specify more than once to show extra, mostly
16 useless, information. Incompatible with all other options.
18 \fB\-\-no\-new\-privs\fR
21 bit. With this bit set,
23 will not grant new privileges. For example, the setuid and setgid bits as well
24 as file capabilities will be disabled. (Executing binaries with these bits set
25 will still work, but they will not gain privilege. Certain LSMs, especially
26 AppArmor, may result in failures to execute certain programs.) This bit is
27 inherited by child processes and cannot be unset. See
30 .IR Documentation/\:prctl/\:no_\:new_\:privs.txt
31 in the Linux kernel source.
33 The no_\:new_\:privs bit is supported since Linux 3.5.
35 \fB\-\-inh\-caps\fR \fI(+|\-)cap\fR,\fI...\fR or \fB\-\-bounding\-set\fR \fI(+|\-)cap\fR,\fI...\fR
36 Sets inheritable capabilities or capability bounding set. See
38 The argument is a comma-separated list of
42 entries, which add or remove an entry respectively.
46 can be used to add or remove all caps. The set of capabilities starts out as
47 the current inheritable set for
49 and the current bounding set for
50 .BR \-\-\:bounding\-\:set .
51 If you drop something from the bounding set without also dropping it from the
52 inheritable set, you are likely to become confused. Do not do that.
55 Lists all known capabilities. Must be specified alone.
57 \fB\-\-ruid\fR \fIuid\fR, \fB\-\-euid\fR \fIuid\fR, \fB\-\-reuid\fR \fIuid\fR
58 Sets the real, effective, or both \fIuid\fRs. The uid argument can be
59 given as textual login name.
65 does not change capabilities, although the exec call at the end might change
66 capabilities. This means that, if you are root, you probably want to do
69 \-\-reuid=1000 \-\-\:regid=1000 \-\-\:caps=\-\:all
71 \fB\-\-rgid\fR \fIgid\fR, \fB\-\-egid\fR \fIgid\fR, \fB\-\-regid\fR \fIgid\fR
72 Sets the real, effective, or both \fIgid\fRs. The gid argument can be
73 given as textual group name.
75 For safety, you must specify one of \-\-\:keep\-\:groups,
76 \-\-\:clear\-\:groups, or \-\-\:groups if you set any primary
80 Clears supplementary groups.
82 \fB\-\-keep\-groups\fR
83 Preserves supplementary groups. Only useful in conjunction with \-\-rgid,
84 \-\-egid, or \-\-regid.
86 \fB\-\-groups\fR \fIgroup\fR,\fI...\fR
87 Sets supplementary groups.
89 \fB\-\-securebits\fR \fI(+|\-)securebit\fR,\fI...\fR
90 Sets or clears securebits. The valid securebits are
93 .IR no_\:setuid_\:fixup ,
94 .IR no_\:setuid_\:fixup_\:locked ,
96 .IR keep_\:caps_\:locked .
100 and is therefore not allowed.
102 \fB\-\-selinux\-label\fR \fIlabel\fR
103 Requests a particular SELinux transition (using a transition on exec, not
104 dyntrans). This will fail and cause
106 to abort if SELinux is not in use, and the transition may be ignored or cause
108 to fail at SELinux's whim. (In particular, this is unlikely to work in
110 .IR no_\:new_\:privs .)
114 \fB\-\-apparmor\-profile\fR \fIprofile\fR
115 Requests a particular AppArmor profile (using a transition on exec). This will
118 to abort if AppArmor is not in use, and the transition may be ignored or cause
120 to fail at AppArmor's whim.
122 \fB\-V\fR, \fB\-\-version\fR
123 Display version information and exit.
125 \fB\-h\fR, \fB\-\-help\fR
126 Display help and exit.
128 If applying any specified option fails,
132 will return with exit code 127.
134 Be careful with this tool \-\- it may have unexpected security consequences.
135 For example, setting no_\:new_\:privs and then execing a program that is
136 SELinux\-\:confined (as this tool would do) may prevent the SELinux
137 restrictions from taking effect.
142 .MT luto@amacapital.net
148 command is part of the util-linux package and is available from
149 .UR ftp://\:ftp.kernel.org\:/pub\:/linux\:/utils\:/util-linux/