Unset `setcap` additional capabilities on executable

To remove capabilities from a file, use the `-r` flag:

    setcap -r /path/to/program

This will result in the program having no capabilities.


What @stephen-harris posted is right. But I believe it removes all capabilities added to the program in one shot. To remove a specific capability, the following would work (following the example in the question):

    setcap 'cap_net_bind_service=-ep' /path/to/program

Notice the '-' sign. You can verify the {effect of the commands} capabilities over an executable as follows:

    getcap /path/to/program

In case of `setcap -r`, all capabilities will be gone and the result of `getcap` will be empty, whereas the '-ep' just removes what you added with '+ep'. Comes in handy when you gave multiple capabilities and want to selectively remove them.
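An added example, not part of either answer above: a small script that drops one capability from a file, re-applies the ones that should stay, and prints the `getcap` result for verification. It assumes `setcap` writes exactly the capability text it is given as the file's new set and that `getcap` prints the path as it was passed; `caps_without` and `drop_file_cap` are hypothetical helper names.

```shell
#!/bin/sh
# Added example; caps_without and drop_file_cap are hypothetical helper names.

# Print capability text $1 with capability $2 removed from every clause.
# The body is a subshell, so set -f, IFS and exit stay local to the call.
caps_without() (
    text=$1 drop=$2 result=
    set -f                                  # no globbing while splitting
    for clause in $text; do
        list=${clause%%[=+-]*}              # e.g. cap_net_bind_service,cap_net_raw
        flags=${clause#"$list"}             # e.g. +ep or =ep
        # Refuse clauses this simple rewrite cannot handle ("=ep", "all=ep").
        [ -n "$list" ] && [ "$list" != all ] || exit 2
        kept=
        IFS=,
        for c in $list; do
            [ "$c" = "$drop" ] || kept=${kept:+$kept,}$c
        done
        [ -z "$kept" ] || result=${result:+$result }$kept$flags
    done
    printf '%s\n' "$result"
)

# Drop one capability from a file, keep the rest, then show the result.
# Needs getcap/setcap (libcap) and the privilege to set file capabilities.
drop_file_cap() {
    file=$1
    out=$(getcap "$file") || return 1
    [ -n "$out" ] || return 0               # file has no capabilities
    text=${out#"$file"}                     # strip the leading path
    text=${text# =}; text=${text# }         # old "path = caps" or new "path caps"
    new=$(caps_without "$text" "$2") || return 2
    if [ -n "$new" ]; then
        setcap "$new" "$file" || return 1
    else
        setcap -r "$file" || return 1       # nothing left: remove them all
    fi
    getcap "$file"                          # verify what remains
}

# Usage: drop_file_cap /path/to/program cap_net_bind_service
```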