What are Linux capabilities

Linux capabilities are special attributes in the Linux kernel that grant processes and binary executables specific privileges that are normally reserved for processes whose effective user ID is 0 (the root user). The ntpd daemon is an example: it has the option --enable-linuxcaps, with which ntpd runs as the user ntp and uses Linux capabilities for non-root clock control.


There is currently an extensive list of capabilities available, defined in the capability library.


Without going into too much detail, the files and processes of the system each carry a set of 3 capability flags: P (Permitted), E (Effective) and I (Inheritable). An algorithm combines them to decide the final privileges applied at execution.
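The following added example (not from the original page) models that algorithm as the execve() transformation rules documented in capabilities(7), for a non-root process. It goes beyond the three flags named above by also including the bounding and ambient sets, which the rules depend on; the class and function names are hypothetical, set-user-ID-root handling is not modelled, and the scenarios are constructed.

```python
from typing import NamedTuple

# Bit numbers from <linux/capability.h> (small subset for the example).
CAP = {"CAP_CHOWN": 0, "CAP_NET_BIND_SERVICE": 10, "CAP_SYS_ADMIN": 21, "CAP_SYS_TIME": 25}

def mask(*names):
    """Bitmask for the given capability names."""
    return sum(1 << CAP[n] for n in set(names))

def names(m):
    """Sorted capability names set in bitmask m."""
    return sorted(n for n, bit in CAP.items() if (m >> bit) & 1)

class ProcCaps(NamedTuple):
    permitted: int = 0    # P: upper limit of what the thread may make effective
    effective: int = 0    # E: what the kernel actually checks
    inheritable: int = 0  # I: preserved across execve()
    bounding: int = 0     # limits what file permitted caps can grant
    ambient: int = 0      # kept across execve() of files without capabilities

class FileCaps(NamedTuple):
    permitted: int = 0
    inheritable: int = 0
    effective: bool = False  # on a file this is a single bit, not a set

def execve_caps(p: ProcCaps, f: FileCaps) -> ProcCaps:
    """Capability sets of a non-root process after it execve()s file f."""
    # Assumption: "has capabilities" is approximated as any field being set;
    # set-user-ID/set-group-ID files (also "privileged") are not modelled.
    has_caps = bool(f.permitted or f.inheritable or f.effective)
    ambient = 0 if has_caps else p.ambient
    permitted = (p.inheritable & f.inheritable) | (f.permitted & p.bounding) | ambient
    effective = permitted if f.effective else ambient
    return ProcCaps(permitted, effective, p.inheritable, p.bounding, ambient)

if __name__ == "__main__":
    full = mask(*CAP)
    # Constructed case: unprivileged user runs a binary with CAP_SYS_TIME in
    # its permitted set and the effective bit on.
    clock_tool = FileCaps(permitted=mask("CAP_SYS_TIME"), effective=True)
    after = execve_caps(ProcCaps(bounding=full), clock_tool)
    print("permitted:", names(after.permitted), "effective:", names(after.effective))
    # Same binary, but the bounding set has dropped CAP_SYS_TIME (for example
    # in a restricted container): the file capability grants nothing.
    boxed = execve_caps(ProcCaps(bounding=full & ~mask("CAP_SYS_TIME")), clock_tool)
    print("permitted:", names(boxed.permitted), "effective:", names(boxed.effective))
```

When auditing a host, the useful reading of these rules is that a file's permitted set with the effective bit on grants privilege to any user who can execute the file, while a file's inheritable set grants nothing unless the calling process already holds the same capability in its own inheritable set.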