No, that is a different story than polkit. I quote the next lines from this man page:
For the purpose of performing permission checks, traditional UNIX
implementations distinguish two categories of processes: privileged
processes (whose effective user ID is 0, referred to as superuser or
root), and unprivileged processes (whose effective UID is nonzero).
Privileged processes bypass all kernel permission checks, while
unprivileged processes are subject to full permission checking based
on the process's credentials (usually: effective UID, effective GID,
and supplementary group list).
Starting with kernel 2.2, Linux divides the privileges traditionally
associated with superuser into distinct units, known as capabilities,
which can be independently enabled and disabled. Capabilities are a
You can give desired capabilities to a file by
setcap command. For example
ping needs to create raw sockets for sending a packet. Creating raw sockets is one of the numerous root capabilities. If we run
ping with sudo or su, it will inherit all of the root’s capabilities. It may be harmful in the case the intruder can use a vulnerability in
ping and get full root access.
Thus we only give
ping what it needs, not more:
setcap cap_net_raw=+eip /home/me/ping
Then, I as a non-root user will be able to run ping. If an intruder uses the vulnerability, he/she will be only able to create raw sockets of root’s capabilities, NOT MORE
Can we investigate more and try it?