some setuid programs require several different capabilities to operate. the file: /usr/include/linux/capability.h describes the various capabilities available in linux. the /usr/bin/passwd program requires the following capabilities to operate: cap chown cap dac override cap fowner modify the passwd program to use capabilities instead of setuid, then demonstrate that it still works by changing the ubuntu user password (which initially is ubuntu).