Capability transfer across exec

No-root

No privileged files

Privileged files

Root

EUID = 0 or RUID = 0

Capability sets are considered to be all 1’s.

EUID = 0

File effective bit considered 1.

Exception: EUID = 0, RUID ≠ 0

Set-UID file was executed.
File capabilities are honoured if present.

PreviousFile capabilities NextControl groups (cgroups)

Last updated 6 months ago