Posted Dec 1, 2006 18:44 UTC (Fri) by giraffedata
In reply to: File-based capabilities
Parent article: File-based capabilities
I don't think capabilities will change that.
I used to use an operating system that had fine-grained capabilities and system administrators were usually not willing to let anyone other than those who qualified for _all_ of them have _any_ of them. I.e. it's a binary thing -- either you're in the trusted group or you're not.
You can sort of see their point: fine-grained capabilities multiply complexity, and complexity generates ways to make mistakes.
I use Linux capabilities extensively (using local modifications to Linux), but it's always for things that, if I didn't have capabilities, I would be willing to do with superuser.
to post comments)