In two chapter, you will learn concepts and practices regarding process credentials and capabilities. Besides being of practical importance to application development in Linux, this chapter, by its very nature, delves deeper into an often overlooked but extremely important aspect: security.

We have divided the coverage of this key area into two major parts, each of which is a chapter in this book:

• In Chapter 7, Process Credentials, the traditional-style Unix permissions model is discussed in some detail, and techniques to run programs with root privileges but without requiring the root password were shown.
• In this Chapter 8, Process Capabilities, the modern approach, the POSIX capabilities model, is discussed in some detail.

We will attempt to clearly show the reader that, while it is important to learn about the traditional mechanisms and how they operate, this becomes a classic weak link as far as security is concerned. However you look at it, security is of paramount importance, especially these days; the advent of Linux running on all sorts of devices—tiny IoT and embedded devices to mobile devices, desktops, servers, and super-computing platforms—makes security a key concern for all stakeholders. Hence, the modern capabilities approach should be used when developing software.

In this chapter, we will cover the modern approach—the POSIX capabilities model—in some detail. We will discuss what exactly it is, and how it provides security and robustness. The reader will learn about the following:

• What exactly the modern POSIX Capabilities model is
• Why it is superior to the older (traditional) Unix permissions model
• How to work with capabilities on Linux
• Embedding capabilities into a process or binary executable
• Security tips

Along the way, we will use code examples, which will allow you to try out some of these facilities so that you can gain a better understanding of them.