linux - Best practices for handling/dropping root permissions in C -

linux - Best practices for handling/dropping root permissions in C -

so, i'm working c programme requires root create raw socket() call. i'm trying find best way drop or limit root permissions after no longer need them. things i've discovered:

ping , ping6 in linux utilize suid root and, after making number of calls alter capabilities, utilize setuid(getuid())

after grepping through nmap source code, can't find code drops or limits root permissions if it's beingness run root.

is there 'best way' deal dropping root or limiting capabilities programme that's run root? see lot of code uses setuid(getuid()), although requires binary suid root. should utilize makefile set binary suid root , that, or should utilize setuid() other parameter proper non-root uid? should doing more sophisticated libcap/capability flags? there guide or else should looking at?

c linux permissions root suid