Cado permits to delegate capabilities to users. (like a sudo providing users with just the capabilities they need).
Because for the principle of least privilege a system is safer when users/processes are granted only the rights they need.
Cado is more selective than sudo, users can be authorized to have only specific linux capabilities (and not others).
Cado uses ambient capabilities.
There is a specific project