You can use this module to run programs that normally need root privileges from standard user accounts, or, in other words, split the Linux filesystem setuid feature for root into several capabilities. Typical examples are server daemons that bind to lower ports, e.g. a webserver, or account administration programs, e.g. passwd.
Also, you can now restrict the capabilities of a program, even it is executed
by superuser root. As an example, there is no need for the mailer daemon to
change the network or firewall settings.