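capability 的原理这里不多说。给 nginx 可执行文件设置 cap_net_bind_service 之后,普通用户(非 root)启动的 nginx 也可以绑定 80 端口(1024 以下的特权端口),不需要以 root 身份运行。注意:文件 capability 对所有能执行该文件的用户都生效,因此应只让需要的用户拥有该文件的执行权限。测试结果如下: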
[xiehq@140 nginx]$ ps -ef|grep nginx;getcap sbin/nginx
xiehq 59599 59325 0 01:32 pts/1 00:00:00 grep --color=auto nginx
sbin/nginx = cap_net_bind_service+eip
[xiehq@140 nginx]$ sbin/nginx -p /home/xiehq/nginx
[xiehq@140 nginx]$ curl localhost
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@140 ~]# netstat -anlp|grep LISTEN|grep 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 59604/nginx: master
unix 2 [ ACC ] STREAM LISTENING 68735 20074/containerd-sh @/containerd-shim/moby/0de0c27b3c769f076bd10337c329aabb92809904f5d413a9575b587275ce2804/shim.sock
unix 2 [ ACC ] STREAM LISTENING 57680 9162/dockerd /var/run/docker/libnetwork/ce3bdb67a0ea.sock
unix 2 [ ACC ] STREAM LISTENING 53080 9426/master private/bounce
[xiehq@140 nginx]$ ps -ef|grep nginx
xiehq 59604 1 0 01:32 ? 00:00:00 nginx: master process sbin/nginx -p /home/xiehq/nginx
xiehq 59605 59604 0 01:32 ? 00:00:00 nginx: worker process
xiehq 59619 59325 0 01:33 pts/1 00:00:00 grep --color=auto nginx