12

Can somebody please explain to me how to use or set CAP_SYS_ADMIN in c? I need that capability to unmount a usb drive but don't know how to use it.

Ste
  • 271
  • 1
  • 2
  • 13

1 Answers1

22

Here's how to do it using the command-line:

$  sudo setcap cap_sys_admin+ep executable-name

and

$ getcap executable-name
executable-name = cap_sys_admin+ep

You, of course, need the libcap package.

A good place to learn how to do it in C would be the source for setcap which is here

starfry
  • 9,273
  • 7
  • 66
  • 96
  • How do I set it back? If I do **$ getcap /usr/bin/ffmpeg** I get empty return. So how do I remove that capability? – HarryH May 19 '21 at 17:16
  • 3
    @HarryH an empty return means capabilities aren't set on the file so there is nothing to remove. The `+ep` in the example sets it and you would use `-ep` to remove it. The meaning of the flags are "effective" and "permitted" and you can read more on `man 7 capabilities`. The syntax of the commands is described by `man 3 cap_from_text`. – starfry May 20 '21 at 08:54