I messed around with attaching capabilities using setpcap this morning, however none of them would 'take' unless the app was run as root to begin with. After reading more about the capability stuff, it looks like it's a way to trim down root applications so they can be allowed to do only what they need to as root, and not with every single perk that comes along with running as root. If this is true, it still requires the application to be executed as root (maybe someone familiar with this can correct me!)

I've never used PAM, how well does QT integrate with it?