[...]
> I believe this is where we have been confusing each other: You appear
> to believe that all capabilities are security related, and I believe
> that whilst there are many capabilities that are security related,
> other capabilities can and should be defined to help optimise the use
> of the system. It is some of the capabilities in this latter group
> that I am referring to in the above, as quite clearly many (but not
> all) security related capabilities do not belong there.
Capabilities are about permissions to do things: A capability is a key to
some resource that can _only_ be used by processes that own that
capability.
If what you understand under capability is something different, then yes,
we are talking about a different kettle of fish.
> In addition, I believe that security-related capabilities of the "I do
> NOT require..." variety can safely be placed in the file since they
> can only REDUCE the abilities of the file, and it is only capabilities
> of the "I additionally require..." variety that can not safely be put
> in there.
Capabilities (see above) are exactly the kind of "I am allowed to..." that
you exclude here. So we were agreeing all along?!
[...]
> > Whenever specific capabilities are needed to do a job the
> > instinctive reaction of any Unix sysadmin is "root". You have to
> > think almighty root away, suddenly things look _very_ different.
>
> No cop-outs please!!!
>
> The instinctive reaction of any NOVICE Unix sysadmin (which all too
> many are) is indeed "root", but for you to automatically assume that
> everybody you converse with falls into that class and you're the only
> one who doesn't is a far worse cop-out than the one you offered above.
Perhaps you don't, but for me (with some 15+ years Unix admin) it _still_
is automatic (or almost).
--
Dr. Horst H. von Brand                       mailto:vonbrand@inf.utfsm.cl
Departamento de Informatica                     Fono: +56 32 654431
Universidad Tecnica Federico Santa Maria              +56 32 654239
Casilla 110-V, Valparaiso, Chile                Fax:  +56 32 797513