Comment 2 for bug 436977

Euca uses root privs for a specific sub-set of actions (see attached). I think as a first-pass, we need to:

1) use capabilities, not "uid 0"
2) add logic to the wrapper to only allow specific commands/paths, and adjust capabilities as appropriate
3) use fully qualified paths to commands

continued...