|
|
Subscribe / Log in / New account

We need to wait for a better solution in Jessie+1

We need to wait for a better solution in Jessie+1

Posted Feb 18, 2014 21:30 UTC (Tue) by Wol (subscriber, #4433)
In reply to: We need to wait for a better solution in Jessie+1 by roskegg
Parent article: The Debian technical committee vote concludes

Actually, that's one of the biggest Unix MISfeatures, imho, the ability for root to do anything.

From Rev19 onwards, Primos had ACLs. The one thing you couldn't take away from the superuser was the ability to override them (actually, it was implemented as a "priority acl").

So if I was testing stuff that required to run as super-user, I could just do a "set-priority-acl live-data superuser:no-rights", and then be CERTAIN that however badly I screwed up, I couldn't damage the live system. Once I was happy it was all working, I would delete the priority acl and could run the script for live.

After all, if the super-user always has the ability to edit access rights, then any (by default) lack of access rights merely makes things that little bit harder. Which is what you want - the last thing you want is the system making it easy for finger-trouble et al to cause a disaster. It's a safety-catch, not a barrier.

Cheers,
Wol

to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds