On Sat, Dec 10, 2005 at 14:25:46 -0300, Alvaro Herrera <alvherre@commandprompt.com> wrote:
> Joshua D. Drake wrote:
> >
> > >However there is an effort to get rid of root in some Unix lands,
> > >separating its responsabilities with more granularity. Maybe there
> > >could be an effort, not to hand-hold the true superusers, but to
> > >delegate some of its responsabilities to other users.
> >
> > Like sudo?
>
> I was thinking in the thing called "capabilities".
Note that the linux 'capabilities' is not the same thing as 'capabilities'
is to some security researchers. To them a capability is sort of like a
file handle, and you can't do anything with an object until you get a file
handle to it. If you want to give some one else access to something you
have access to, you give them a copy of the file handle you hold. Doing things
this way simplifies some aspects of designing secure systems.
