In order to use the "-V" option, you must have compiled lidsadm with the view option enabled. (which is standard behaviour, see above).
At the command line, enter:
This will produce output similar to the following on a 2.4.x kernel:
VIEW
CAP_CHOWN 0
CAP_DAC_OVERRIDE 0
CAP_DAC_READ_SEARCH 0
CAP_FOWNER 0
CAP_FSETID 0
CAP_KILL 0
CAP_SETGID 0
CAP_SETUID 0
CAP_SETPCAP 0
CAP_LINUX_IMMUTABLE 0
CAP_NET_BIND_SERVICE 0
CAP_NET_BROADCAST 0
CAP_NET_ADMIN 0
CAP_NET_RAW 0
CAP_IPC_LOCK 0
CAP_IPC_OWNER 0
CAP_SYS_MODULE 0
CAP_SYS_RAWIO 0
CAP_SYS_CHROOT 0
CAP_SYS_PTRACE 0
CAP_SYS_PACCT 0
CAP_SYS_ADMIN 0
CAP_SYS_BOOT 1
CAP_SYS_NICE 0
CAP_SYS_RESOURCE 1
CAP_SYS_TIME 0
CAP_SYS_TTY_CONFIG 0
CAP_MKNOD 0
CAP_LEASE 0
CAP_HIDDEN 1
CAP_KILL_PROTECTED 0
CAP_PROTECTED 0
LIDS 0
LIDS_GLOBAL 1
RELOAD_CONF 0 |
As you can see from the output above, this system has an LFS active. However, LIDS is enabled globally. The items with a "1" next to them are enabled, and those items with a "0" next to them are disabled. Except for the last two capabilities, root normally has all of the above capabilities. Thanks to LIDS, root only has capabilities CAP_SYS_BOOT, CAP_SYS_RESOURCE, and CAP_HIDDEN in this particular case (NOTE: CAP_HIDDEN isn't a capability provided by the standard Linux kernel).