Ah, the setuid hack, everyone's least favorite thing about UNIX. It's ugly, it's kludgy, it opens up lots of potential security holes... So of course I'm wondering if there are better ways of handling privilege elevation. What I know of so far: POSIX Capabilities Covered already in another post. Supported by Linux and apparently by FreeBSD, been around since ~2002. Allows binary executables to run with only specific aspects of root privileges. No idea why nobody uses this... OTOH it's still based on file attributes, which probably introduces some of the same issues as setuid. Systrace A dinosaur from the distant past, basically a (fully graphical) HIPS for UNIX OSes. Can be used in place of setuid/setgid. But it hasn't been updated in ages, and the vast majority of UNIXes have abandoned it with the advent of modern MAC implementations. What I suspect might work: SELinux Based on what little I know about it, I think it should be able to grant elevated privileges as well as removing privileges.. Whether that's a good idea is another matter entirely. An arbitrating daemon of some sort This is how Windows 2000/XP handles privilge elevation - a privileged daemon that processes requests from unprivileged users. This sounds sensible, but in view of the infamous shatter attacks on XP, it may not be any better. What other ways are there of dealing with the need to elevate user privileges on UNIX? In theory, or in practice? And which of them have actually be implemented?