tty_ioctl.4: Explain capability requirements for various ioctls

For TIOCSLCKTRMIOS, TIOCSCTTY, TIOCEXCL, explain the exact
capability that is required (the text formerly just said "root"
in each case).

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

man4/tty_ioctl.4

@@ -85,7 +85,9 @@ structure of the terminal.
 Sets the locking status of the
 .I termios
 structure of the terminal.
-Only root can do this.
+Only root (more precisely: a process with the
+.BR CAP_SYS_ADMIN
+capability) can do this.
 .SS "Get and Set Window Size"
 Window sizes are kept in the kernel, but not used by the kernel
 (except in the case of virtual consoles, where the kernel will
@@ -233,7 +235,9 @@ controlling tty already.
 If this tty is already the controlling tty
 of a different session group then the ioctl fails with
 .BR EPERM ,
-unless the caller is root and
+unless the caller is root (more precisely: has the
+.BR CAP_SYS_ADMIN
+capability) and
 .I arg
 equals 1, in which case the tty is stolen, and all processes that had
 it as controlling tty lose it.
@@ -277,7 +281,9 @@ No further
 operations on the terminal are permitted.
 (They will fail with
 .BR EBUSY ,
-except for root.)
+except for root, that is, a process with the
+.BR CAP_SYS_ADMIN
+capability.)
 .TP
 .B "TIOCNXCL	void"
 Disable exclusive mode.