> s> A better design would have been having the file to have a
> s> second UID/GID.
>
> s> So, a file could be owned by root, but setuid man.
>
> ACLs and capabilities are probably two very different solutions to
> this problem.
>
> (...depends on how they are implemented).

It's tricky... capabilities don't fix this. And I know nothing about ACLs on UNIX systems. It must be something like "these users/groups may write, and these may read", but I don't know if they have something for the setuid/setgid thing...