Cgroup files and directories can be owned by non-root users, enabling delegation of cgroup administration. In general, the kernel enforces the hierarchical constraints on limits: for instance, if the devices cgroup /child1 cannot access a disk drive, then /child1/child2 cannot give itself those rights.

As of Ubuntu 14.04, users are automatically placed in a set of cgroups which they own, safely allowing them to constrain their own jobs using child cgroups. This feature is relied upon, for instance, for unprivileged container creation in lxc.
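
To see which of a process's cgroups have actually been delegated, an administrator can compare the ownership of each cgroup directory with the user's uid. The following is an added example, not code from the original page or from lxc; the function names, the sample `/proc/self/cgroup` content and the assumption that each cgroup-v1 hierarchy is mounted at `<root>/<controllers>` are illustrative, and the demo runs against a throwaway directory tree instead of the real `/sys/fs/cgroup`.

```python
import os
import tempfile

# Constructed sample of /proc/self/cgroup on a cgroup-v1 host (not from the page).
SAMPLE = """\
4:devices:/user/1000.user/c2.session
3:memory:/user/1000.user/c2.session
2:cpu,cpuacct:/
"""

def parse_proc_cgroup(text):
    """Yield (controllers, path) from 'hierarchy-ID:controllers:path' lines."""
    for line in text.splitlines():
        if line.strip():
            _hier_id, controllers, path = line.strip().split(":", 2)
            yield controllers, path

def audit_delegation(proc_text, uid, root="/sys/fs/cgroup"):
    """Report, per hierarchy, whether `uid` owns the cgroup directory
    (may create child cgroups) and its `tasks` file (may move tasks in)."""
    report = {}
    for controllers, path in parse_proc_cgroup(proc_text):
        # Assumption: each hierarchy is mounted at <root>/<controllers>,
        # with any "name=" prefix dropped (e.g. name=systemd -> systemd).
        mount = controllers.split("=", 1)[-1]
        cg_dir = os.path.join(root, mount, path.lstrip("/"))
        if not os.path.isdir(cg_dir):
            continue  # hierarchy not mounted here, nothing to audit
        tasks = os.path.join(cg_dir, "tasks")
        report[controllers] = {
            "cgroup": path,
            "owns_dir": os.stat(cg_dir).st_uid == uid,
            "owns_tasks": os.path.exists(tasks) and os.stat(tasks).st_uid == uid,
        }
    return report

def build_demo_tree():
    """Create a throwaway directory tree shaped like a cgroup-v1 mount."""
    root = tempfile.mkdtemp(prefix="cgroup-demo-")
    for mount in ("devices", "memory"):
        cg_dir = os.path.join(root, mount, "user/1000.user/c2.session")
        os.makedirs(cg_dir)
        open(os.path.join(cg_dir, "tasks"), "w").close()
    os.makedirs(os.path.join(root, "cpu,cpuacct"))  # demo: directory only, no tasks file
    return root

if __name__ == "__main__":
    demo_root = build_demo_tree()
    for ctrl, info in audit_delegation(SAMPLE, os.geteuid(), demo_root).items():
        print(ctrl, info)
```

On a real host, pass the contents of `/proc/<pid>/cgroup` and leave `root` at its default; a cgroup owned by a non-root uid that was never meant to be delegated is worth investigating.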