

User Capability Groups

Capability groups are analogous to user groups in standard UNIX implementations. Each capability group consists of one or more capabilities, and each user may be a member of one or more capability groups. Capability group 0 is designated as the default group for all users.

Capability groups (including the default capability group) were introduced to ease LinSec setup and maintenance: in most systems, users can be naturally grouped into several categories with respect to required system privileges and trust. Capability groups reflect this and save administrators from having to specify uP (Subsection 4.2.5) for each user individually.

Capability groups take part in the computation of Process Capabilities (Subsections 4.2.7 and 4.2.9).