The process manager supports PROCMGR_ADN_ROOT and PROCMGR_ADN_NONROOT flags that indicate which domain an ability applies to.
These flags let a process further limit what actions can be carried out depending on its effective user ID:
The following example shows how you can retain a specific ability for your process, before dropping root privileges. In the following example, the PROCMGR_AID_PATHSPACE ability is being allowed for non-root users:
procmgr_ability( 0, PROCMGR_ADN_NONROOT | PROCMGR_AOP_ALLOW | PROCMGR_AID_PATHSPACE, PROCMGR_AID_EOL); setreuid(new_user, new_user); setregid(new_group, new_group);