Unix systems have traditionally restricted privileged operations to the superuser account. This meant that privilege was an all-or-nothing matter: the superuser can do absolutely anything, but all other users are highly restricted. The Linux kernel provides a more flexible system called capabilities. A capability-based system leaves the all-or-nothing model behind and breaks privileged operations down into separate subgroups. In this way, a particular user (or program) can be empowered to perform a specific privileged operation without being given the ability to perform other, unrelated operations. The kernel uses capabilities exclusively for permissions management and exports two system calls, capget and capset, to allow them to be managed from user space.
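As an added example (not code from the text above), the following C program drives the capget and capset system calls it mentions directly through glibc's syscall() wrapper, using the version-3 ABI in which each of the three sets (effective, permitted, inheritable) is carried as two 32-bit words. It reads the calling thread's sets and then clears one capability from the effective set only, the least-privilege step a service takes once it no longer needs that operation; the choice of CAP_NET_BIND_SERVICE is an arbitrary illustration.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/capability.h>

/* data[0] carries capabilities 0..31, data[1] carries 32..63 (v3 ABI). */
static struct __user_cap_header_struct self_hdr(void) {
    struct __user_cap_header_struct hdr = {
        .version = _LINUX_CAPABILITY_VERSION_3,
        .pid = 0,   /* 0 means the calling thread */
    };
    return hdr;
}

/* Fetch the caller's effective/permitted/inheritable sets. 0 on success. */
static int caps_get(struct __user_cap_data_struct data[2]) {
    struct __user_cap_header_struct hdr = self_hdr();
    return (int)syscall(SYS_capget, &hdr, data);
}

/* 1 if `cap` is in the caller's effective set, 0 if not, -1 on error. */
static int cap_is_effective(int cap) {
    struct __user_cap_data_struct data[2];
    if (caps_get(data) != 0) return -1;
    return (data[cap / 32].effective >> (cap % 32)) & 1;
}

/* Clear `cap` from the effective set only; permitted is left intact so the
 * capability could be re-enabled later. Shrinking a set needs no privilege,
 * so this succeeds for an ordinary user as well. 0 on success. */
static int cap_drop_effective(int cap) {
    struct __user_cap_header_struct hdr = self_hdr();
    struct __user_cap_data_struct data[2];
    if (syscall(SYS_capget, &hdr, data) != 0) return -1;
    data[cap / 32].effective &= ~(1u << (cap % 32));
    return (int)syscall(SYS_capset, &hdr, data);
}

int main(void) {
    struct __user_cap_data_struct d[2];
    if (caps_get(d) != 0) { perror("capget"); return 1; }
    printf("effective=%08x%08x permitted=%08x%08x inheritable=%08x%08x\n",
           d[1].effective, d[0].effective, d[1].permitted, d[0].permitted,
           d[1].inheritable, d[0].inheritable);
    printf("CAP_NET_BIND_SERVICE effective before drop: %d\n",
           cap_is_effective(CAP_NET_BIND_SERVICE));
    if (cap_drop_effective(CAP_NET_BIND_SERVICE) != 0) { perror("capset"); return 1; }
    printf("CAP_NET_BIND_SERVICE effective after drop:  %d\n",
           cap_is_effective(CAP_NET_BIND_SERVICE));
    return 0;
}
```

Run it once as an unprivileged user and once as root to see how the printed sets differ; in both cases the drop succeeds because capset only ever refuses an attempt to gain capabilities.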