New comment by hippi777 on void-packages repository https://github.com/void-linux/void-packages/pull/21233#issuecomment-619431069 Comment: hi there! :) (others: plz correct me in case of need) @ShinyRice: i believe they can, but that renders elogind useless, as it is a capability based protection right for avoiding setuid, or maybe im wrong here, as most likely it is about what u r already running in case of graphics stuffs, instead of what can be run... setuid is considered to be harmful cuz if the given app has a way to do anything nasty (like when it has a small bug or forgotten corner case), then it will do that with root privileges, and it can reach more stuffs than anything limited by capabilities... otherwise using a system alone (dont forget about special users, like admin for vesta control panel, just for an irrelevant example, as u probably wont have vesta on ur daily driver and u probably wont have graphics on ur server) means that other users wont be an issue for ur security, but if u run anything with ur own privileges that can harm u, then most likely u r already wrecked, as priv escalation have so many ways, and u probably care about ur data, not ur system, and ur data is already in the wrong hands even before a priv escalation :D