> This to me is one of the real blind-spots of some people who are
> pushing capabilities. There is absolutely no need to remove the
> privileges of the root account. By default root has all capabilities.
Irix 6.5 uses a scheme we call "augmented Superuser", in which
capabilities are checked first, with the uid 0 check done
iff the cap test failed. Trusted Irix (the B1 version of Irix)
uses pure capabilities. Root is allowed all capabilities in either
case. The assertion is proven by example.
> Think about it: you will need *some* account* with the abilility to
> grant caps anyway. So root is it.
Unless you want to embark on a strictly role based administrative
model. I advocate against role based admin models. Unless a system
is designed with one in mind (hint: UNIX wasn't) role based models
are very tough to make work right.
--Casey Schaufler voice: (650) 933-1634 casey@sgi.com fax: (650) 933-0170
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/