Published at LXer:
When you run a setuid program, it runs with all the permissions of the file's owner. And if the program spawns new processes, they inherit the same permissions. Not so with filesystem capabilities. When you run a program with a set of capabilities, the processes it spawns do not have those capabilities by default; they must be given explicitly.
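The difference follows from the execve() capability rules in capabilities(7). The model below is an added example, not code from the article; it applies those rules to a constructed case where a tool marked `cap_net_raw+ep` runs a helper that has no file capabilities. All struct and function names are hypothetical, and the process is assumed to be non-root.

```c
/* Added illustration: models the execve() capability rules documented in
 * capabilities(7) for a non-root process. All names here are hypothetical. */
#include <stdint.h>
#include <stdio.h>

#define CAP_NET_RAW (1ULL << 13)   /* capability 13 in <linux/capability.h> */
#define FULL_SET    (~0ULL)

struct proc_caps { uint64_t permitted, inheritable, effective, bounding, ambient; };
struct file_caps { uint64_t permitted, inheritable; int effective_bit; };

/* Capability sets of the process after it execs a file carrying caps f.
 * Set-user-ID/set-group-ID files (also "privileged") are not modelled. */
struct proc_caps caps_after_execve(struct proc_caps p, struct file_caps f)
{
    int privileged = f.permitted || f.inheritable;  /* file has capabilities */
    struct proc_caps n;
    n.ambient     = privileged ? 0 : p.ambient;
    n.permitted   = (p.inheritable & f.inheritable) | (f.permitted & p.bounding) | n.ambient;
    n.effective   = f.effective_bit ? n.permitted : n.ambient;
    n.inheritable = p.inheritable;
    n.bounding    = p.bounding;
    return n;
}

/* Explicit hand-off, as prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, ...) allows:
 * the capability must be in both the permitted and the inheritable set. */
struct proc_caps pass_to_children(struct proc_caps p, uint64_t cap)
{
    p.inheritable |= cap & p.permitted;
    p.ambient     |= cap & p.permitted & p.inheritable;
    return p;
}

/* Constructed scenario: an unprivileged shell runs the tool, the tool runs a helper. */
static const struct file_caps TOOL   = { CAP_NET_RAW, 0, 1 };  /* cap_net_raw+ep */
static const struct file_caps HELPER = { 0, 0, 0 };            /* no file caps   */
static const struct proc_caps SHELL  = { 0, 0, 0, FULL_SET, 0 };

uint64_t tool_effective(void) { return caps_after_execve(SHELL, TOOL).effective; }
uint64_t helper_default(void) {
    return caps_after_execve(caps_after_execve(SHELL, TOOL), HELPER).effective;
}
uint64_t helper_explicit(void) {
    struct proc_caps tool = pass_to_children(caps_after_execve(SHELL, TOOL), CAP_NET_RAW);
    return caps_after_execve(tool, HELPER).effective;
}

int main(void)
{
    printf("tool:              %#llx\n", (unsigned long long)tool_effective());
    printf("helper (default):  %#llx\n", (unsigned long long)helper_default());
    printf("helper (explicit): %#llx\n", (unsigned long long)helper_explicit());
    return 0;
}
```

On a live system the same sets can be read from the `CapInh`, `CapPrm`, `CapEff`, `CapBnd` and `CapAmb` lines of `/proc/<pid>/status`.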