setcap

set program capabilities

sudo setcap [-q] [-v] [capabilities|-|-r] program [capabilitiesN programeN ]

With no options sets the capabilities of program.

capability[,…   =|+|-   e|i|p,

          effective| inheritable | permitted .

-v verify the capabilities associated with file
-capabilities are read from standard input.

The capability list is terminated with a blank line.

-r remove a capability from a program.
-q quiet

Examples:

> sudo setcap 'cap_net_raw,cap_net_admin+eip' `which hcidump`
> sudo setcap 'cap_net_raw,cap_net_admin+eip' `which hcitool`

 > setcap -v 'cap_net_raw,cap_net_admin+eip' `which hcidump`
/usr/bin/hcidump: OK

sudo setcap cap_net_raw,cap_net_admin+eip $(eval readlink -f `which node`)

sudo systemctl restart nodered

Errors

fatal error: Invalid argument
usage: setcap [-q] [-v] (-r|-|)  [ ... (-r|-|)  ]

 Note  must be a regular (non-symlink) file.
with RC= 1

See

cap_set_file(3), getcap(8)