> The whole idea of capabilities is to get rid of all-powerful users, to
> split the root powers among several people where _nobody_ has all
> powers. Any scheme that keeps a root of some sort is broken.
no. This is a misconception. The point is to reduce the power of actually
executing security-relevant code, thus reduce the chance of a system
compromise. Having some sort of (mostly inactive!) super-user around in
the migration period is not at all broken. The point is to get rid of
random setuid root binaries (ping, traceroute, etc.) and system daemons
(klogd, syslogd, lpd, etc.) executing with full system priviledges. A
considerable percentage of those binaries needs only a small subset of
system priviledges. We do _not_ want to remove the administrator, that is
a different task.
-- mingo
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/