> First, if you're using capabilities, the privileges are seperate.
No, I'm interested in the reason for this feature which is clearly
historic and has nothing to do with capabilities. Solaris behaves
the same way (allows root access to mode 000 files).
> Otherwise, it's a matter of which access should you chmod to. You
> could do like exec, where anyone having execute access means the
> privileged user can, but without that you have to go searching
> about to determine the least access you can provide and have root
> get it. Presummably the file will be neither owned by root or
> root's group, in which case you have to chmod it to 006, which
> gives the world access.
You can always chown as well as chmod; you're root after all. More
modern security systems would even claim that you *should* be
required to change ownership before changing permissions, although
this would clearly be bogus in the traditional UNIX mindset. I'm
sure allowing root to access mode 000 files either leads back to
an interesting historical reason or is part of a philosophy that
says "no access checks should be applied to the superuser". I just
wonder what historical reason there could be for the feature.
alex
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/