SetUID: limit the use with POSIX capabilities

view full story

http://www.linuxquestions.org – Hey all, It is known that binaries with the SetUID bit enabled are a threat for the system. I saw on this ArchLinux wiki https://wiki.archlinux.org/index.php...tead_Of_Setuid a way to limit the use of SetUID bit thanks to POSIX capabilities. It looks very interesting. Does anyone of you used it already? Is it a burden for the system afterwards (like binaries not working, needing to be fixed); or is it seamless? Thanks (HowTos)