On Sat, Dec 10, 2005 at 14:25:46 -0300, Alvaro Herrera <[EMAIL PROTECTED]> wrote: > Joshua D. Drake wrote: > > > > >However there is an effort to get rid of root in some Unix lands, > > >separating its responsabilities with more granularity. Maybe there > > >could be an effort, not to hand-hold the true superusers, but to > > >delegate some of its responsabilities to other users. > > > > Like sudo? > > I was thinking in the thing called "capabilities".
Note that the linux 'capabilities' is not the same thing as 'capabilities' is to some security researchers. To them a capability is sort of like a file handle, and you can't do anything with an object until you get a file handle to it. If you want to give some one else access to something you have access to, you give them a copy of the file handle you hold. Doing things this way simplifies some aspects of designing secure systems. ---------------------------(end of broadcast)--------------------------- TIP 5: don't forget to increase your free space map settings
