Question about running Process via suid bit

Hi guys, I was doing tests today and I finally found why I had some issues when using the suid bit.

Apparently, Process.run in some cases can't perform privileged tasks. I am talking about tasks like groupadd -R (via chroot).

I made this example:

# LibC functions to deal with the SUID and SGID bits
lib LibC
    fun seteuid(uid : UidT) : Int
    fun setegid(gid : GidT) : Int
    fun getegid : GidT
    fun geteuid : UidT
end


# Raises the effective UID/GID to 0 around the block, then restores them
def runAsSuperUser(validCondition = true, &)
    # Remember the current effective IDs so they can be restored afterwards
    uid = LibC.geteuid
    gid = LibC.getegid

    if validCondition
        uidResult = LibC.seteuid(0)
        gidResult = LibC.setegid(0)

        if uidResult.negative? || gidResult.negative?
            puts "Setting failure"
        end
    end

    begin
        yield
    ensure
        LibC.seteuid(uid)
        LibC.setegid(gid)
    end

rescue error
    puts error
    exit 1
end


runAsSuperUser {
    puts LibC.geteuid
    puts LibC.getegid
    Process.run("/usr/sbin/groupadd",
                args: ["-R","/home/fulgurance/Downloads/root","ism"],
                input: Process::Redirect::Inherit,
                output: Process::Redirect::Inherit,
                error: Process::Redirect::Inherit,
                shell: false)
}

I got this error at execution time:

[fulgurance@alienware-m17-r3 Downloads]$ ./test
0
0
groupadd: unable to chroot to directory /home/fulgurance/Downloads/root: Operation not permitted
[fulgurance@alienware-m17-r3 Downloads]$

But if I just run the groupadd command in a terminal, it works. Why?

The strange thing is that if I run the chroot binary via a process, it works. It's like the access is refused when a binary is in sbin, maybe?
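A diagnostic for the setup above, added here and not part of the original post: seteuid(0) and setegid(0) change only the effective IDs, and a process started with Process.run inherits the real IDs unchanged, so a child that checks or resets to its real IDs does not see root. The Ids record, the report helper and the /usr/bin/id path are assumptions of this example; whether groupadd behaves that way is not established in the post.

```crystal
# Added example: compare real and effective IDs around seteuid(0)/setegid(0).
# Build it and give it the same owner and suid bit as the test binary.
lib LibC
  fun getuid : UidT
  fun getgid : GidT
  fun geteuid : UidT
  fun getegid : GidT
  fun seteuid(uid : UidT) : Int
  fun setegid(gid : GidT) : Int
end

# Hypothetical helper type: a snapshot of the four IDs of this process
record Ids, ruid : LibC::UidT, euid : LibC::UidT, rgid : LibC::GidT, egid : LibC::GidT do
  def self.current
    new(LibC.getuid, LibC.geteuid, LibC.getgid, LibC.getegid)
  end

  # True when the process runs with effective IDs that differ from its real ones
  def split?
    ruid != euid || rgid != egid
  end
end

def report(label, ids)
  puts "#{label}: real uid/gid=#{ids.ruid}/#{ids.rgid} effective uid/gid=#{ids.euid}/#{ids.egid}"
  puts "  real and effective IDs differ" if ids.split?
end

before = Ids.current
report("at start", before)

# Same calls, in the same order, as runAsSuperUser in the post
if LibC.seteuid(0) != 0 || LibC.setegid(0) != 0
  STDERR.puts "could not raise effective IDs: #{Errno.value.message}"
end
report("after seteuid(0)/setegid(0)", Ids.current)

# The child inherits both ID sets; id prints uid=/gid= (real) and adds
# euid=/egid= only when the effective IDs differ from the real ones.
Process.run("/usr/bin/id",
  output: Process::Redirect::Inherit,
  error: Process::Redirect::Inherit)

# Restore the group first, while the effective UID is still privileged
LibC.setegid(before.egid)
LibC.seteuid(before.euid)
report("restored", Ids.current)
```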