Capabilities

The power of root is actually broken up into discrete actions called capabilities. The kernel uses the capable() call, not 'if (uid == 0)' tests.

Capabilities include:

CAP_SETUID - Allow unrestricted setuid(2) and friends.
CAP_SETGID - Allow unrestricted setgid(2) and setgroups(2).
CAP_CHOWN - Allow unrestricted use of chown.
CAP_KILL - Allow signals to be sent to processes you don't own.
CAP_NET_BIND_SERVICE - Binding low TCP and UDP ports.
CAP_NET_ADMIN - Network configuration (set IP addr, add routes).
CAP_NET_RAW - Allow use of raw and packet sockets.
CAP_SYS_MODULE - Allow insertion/removal of LKMs.
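
As an added example (not from the original slides), this C program decodes the CapEff mask from the text of a /proc/<pid>/status file into the capabilities listed above, so an auditor can see which slice of root a process actually holds. The sample status text and the function names are constructed for illustration; the bit numbers are those defined in <linux/capability.h>.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Bit numbers from <linux/capability.h> for the capabilities listed above. */
static const struct { int bit; const char *name; } CAPS[] = {
    { 0, "CAP_CHOWN" }, { 5, "CAP_KILL" }, { 6, "CAP_SETGID" },
    { 7, "CAP_SETUID" }, { 10, "CAP_NET_BIND_SERVICE" },
    { 12, "CAP_NET_ADMIN" }, { 13, "CAP_NET_RAW" }, { 16, "CAP_SYS_MODULE" },
};

/* Extract the CapEff hex mask from /proc/<pid>/status text. Matches only at
 * the start of a line, because the Name: field is a process-chosen string. */
int parse_capeff(const char *status, unsigned long long *mask)
{
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, "CapEff:", 7) == 0) {
            char *end;
            *mask = strtoull(p + 7, &end, 16);
            return end == p + 7 ? -1 : 0;   /* -1: no hex digits found */
        }
        if ((p = strchr(p, '\n')) != NULL) p++;
    }
    return -1;                              /* -1: no CapEff line */
}

/* Nonzero if capability number cap (0..63) is set in mask. */
int has_cap(unsigned long long mask, int cap) { return (int)((mask >> cap) & 1ULL); }

/* Print each listed capability present in mask; return how many were found. */
int report_caps(unsigned long long mask)
{
    int n = 0;
    for (size_t i = 0; i < sizeof CAPS / sizeof CAPS[0]; i++)
        if (has_cap(mask, CAPS[i].bit)) { printf("  %s\n", CAPS[i].name); n++; }
    return n;
}

/* Constructed sample: a non-root daemon holding only CAP_NET_BIND_SERVICE. */
static const char SAMPLE[] = "Name:\tCapEff:ffff\nUid:\t33\t33\t33\t33\n"
    "CapPrm:\t0000000000000400\nCapEff:\t0000000000000400\n";

int main(void)
{
    unsigned long long mask;
    if (parse_capeff(SAMPLE, &mask) != 0) return 1;
    printf("CapEff=%016llx\n", mask);
    return report_caps(mask) == 1 ? 0 : 1;
}
```

A process running as uid 0 with a reduced mask, or a non-root process with CAP_SYS_MODULE set, both show up here even though a uid check alone would misjudge them.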