On Fri, 2005-12-02 at 14:17, Mike McCarty wrote:
> Tim wrote:
> > On Fri, 2005-12-02 at 12:44 +0800, John Summerfied wrote:
> >
> >>A really big flaw in Unix design is the fact one user has the inherent
> >>ability to do everything, the fact that the Unix security model is
> >>built round this.
> >
> >
> > A counterpoint to that, in the Windows world, is that you can have too
> > many people able to do things that they shouldn't. They might think
> > they need to do something special, they might want to do it, they might
> > think they know what they're doing, but they're often wrong.
>
> The objection is not that there are not enough users who can
> do things, but that there is one super duper user who can
> do EVERYTHING AND ANYTHING. There is no finesse. Either
> all or none. It might be useful to have someone who can
> administer passwords, but not rm /etc/passwd, for example.
> There is not enough resolution.

You can configure sudoers to limit a user to specific commands that they
can run as root when needed without allowing that user to do everything
root can.
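
The sudoers delegation described in the reply above, as an added example that is not part of the original message: a password-administrator role that can reset other users' passwords as root but gets no other root command. The file name, user names and alias names are assumptions made for illustration, and the path to passwd may differ on your system.

```sudoers
# /etc/sudoers.d/passwd-admins   (hypothetical file name; edit with visudo -f)
# Constructed example: alice, bob and the alias names are placeholders.

# Accounts that hold the delegated role.
User_Alias  PWADMINS = alice, bob

# Allow "passwd <name>" where the first argument starts with a letter,
# so a bare "passwd" (which would change root's own password) and a
# leading option such as "-d" do not match.
# The negated entry then removes any invocation whose arguments contain
# "root". sudo matches the arguments as one combined string, so *root*
# also blocks account names that merely contain "root".
Cmnd_Alias  PASSWD_USERS = /usr/bin/passwd [A-Za-z]*, \
                           !/usr/bin/passwd *root*

# Run only these commands, only as root. Anything not listed here is
# refused, so "sudo rm /etc/passwd" fails for members of PWADMINS.
PWADMINS    ALL = (root) PASSWD_USERS

# Caveat: because "*" can match several words, "passwd someuser --option"
# is also permitted on systems whose passwd accepts options after the
# user name. Review what your passwd accepts before relying on this rule.
```

Check the file with `visudo -cf /etc/sudoers.d/passwd-admins` before it goes live, and confirm what a member is actually granted with `sudo -l -U alice`.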