"Capabilities are—at least in theory—a nice idea: divide the privileges of root into small pieces so that a process can be granted just enough power to perform specific privileged tasks."

"The key point from the beginning of this article is small pieces, and it's here that the Linux capabilities implementation has gone astray."

#blogshare

https://lwn.net/Articles/486306/

CAP_SYS_ADMIN: the new root

LWN.net