On Debian, install the libcap2-bin package.
If your Linux kernel is 2.6.26 or newer, you may no longer need to patch the kernel as described below.
To let a program bind superuser ports (those below 1024), try setcap cap_net_bind_service=+ep /path/to/program
You can also run setcap cap_ipc_lock,cap_sys_nice=+ep /usr/bin/jackd and enjoy realtime scheduling in jack. The same can be done for alsaplayer to enable the realtime option there.
If you want to use wireshark from a non-root account, do setcap cap_net_raw=+ep /usr/bin/dumpcap. Now you can run wireshark from a normal account and choose to capture from the network.
You'll need to enable capabilities in Linux by editing /usr/src/linux/include/linux/capability.h to make CAP_INIT_EFF_SET equal to CAP_FULL_SET. Like this.
Re-compile and install Linux with the capabilities and commoncap modules, and then modprobe commoncap.
Now you can give any program access to ports less than 1024 by executing something like sudo setpcaps cap_net_bind_service+eip `pidof program`. This way, the program itself never has or gets root privileges.
The realtime priority of jackd can be checked with chrt -p `ps -C jackd -o pid=`. chrt can be found in the schedutils package. jackd should now show a priority of RT in the top program.
Of course, you need to allow users to do this by permitting setpcaps to run as root in the /etc/sudoers file.
You might coerce Adobe Flash to try jackplug with FLASH_ALSA_DEVICE=plug:SLAVE=jack set in the environment variables.
It may also be useful to insert a slight delay with sleep(1) in the main() function of some programs so that setpcaps has time to do its work before the background program attempts to bind ports under 1024.
That works in C programs. In Python, you can put something like this near the beginning:
import select
select.select([], [], [], 1)  # wait 1 second with no file descriptors to watch
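Instead of a fixed one-second delay, the program can poll its own effective capability set and bind only once cap_net_bind_service has arrived. This is an added example, not code from the original page. It assumes the granted capability shows up in the CapEff line of /proc/self/status; the function names and sample status text are made up for illustration.

```python
import time

# Bit numbers from <linux/capability.h> for the capabilities named on this page.
CAP_BITS = {
    "cap_net_bind_service": 10,
    "cap_net_raw": 13,
    "cap_ipc_lock": 14,
    "cap_sys_nice": 23,
}


def effective_caps(status_text):
    """Return the names (from CAP_BITS) set in the CapEff line of a /proc status dump."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            mask = int(line.split()[1], 16)
            return {name for name, bit in CAP_BITS.items() if mask & (1 << bit)}
    raise ValueError("no CapEff line found")


def wait_for_cap(name, timeout=5.0, interval=0.1, read_status=None):
    """Poll until `name` is in the effective set; return True, or False on timeout."""
    if read_status is None:
        def read_status():
            with open("/proc/self/status") as f:
                return f.read()
    deadline = time.monotonic() + timeout
    while True:
        if name in effective_caps(read_status()):
            return True
        if time.monotonic() >= deadline:
            return False
        time.sleep(interval)


# Constructed sample: CapEff 0x400 is bit 10 only (cap_net_bind_service).
SAMPLE_STATUS = (
    "Name:\tprogram\nCapInh:\t0000000000000000\n"
    "CapPrm:\t0000000000000400\nCapEff:\t0000000000000400\n"
)

if __name__ == "__main__":
    print(sorted(effective_caps(SAMPLE_STATUS)))
    if wait_for_cap("cap_net_bind_service", timeout=2.0):
        print("capability present, safe to bind a port below 1024")
    else:
        print("capability never arrived; refusing to bind")
```

The same effective_caps check can be pointed at /proc/PID/status of jackd or dumpcap to confirm a program holds only the capabilities it was given.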