On Fri, 2005-12-02 at 13:17 -0600, Mike McCarty wrote:
> Tim wrote:
> > On Fri, 2005-12-02 at 12:44 +0800, John Summerfied wrote:
> >
> >>A really big flaw in Unix design is the fact one user has the inherent
> >>ability to do everything, the fact that the Unix security model is
> >>built round this.
> >
> >
> > A counterpoint to that, in the Windows world, is that you can have too
> > many people able to do things that they shouldn't. They might think
> > they need to do something special, they might want to do it, they might
> > think they know what they're doing, but they're often wrong.
>
> The objection is not that there are not enough users who can
> do things, but that there is one super duper user who can
> do EVERYTHING AND ANYTHING. There is no finesse. Either
> all or none. It might be useful to have someone who can
> administer passwords, but not rm /etc/passwd, for example.
> There is not enough resolution.
----
Perhaps to some extent this is true, but of course there are other
options to maintaining user accounts in passwd/shadow/group flat files,
such as LDAP, where a more granular access is not only possible but
likely.

Account management can be controlled via things like sudo or, more than
likely, via custom perl/cgi or even php driven consoles, so the
possibilities are still endless but all require some improvisation.

For example - check out webmin <http://www.webmin.com> where you can get
exceedingly granular with access rights.

Craig
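
Added example, not part of the original thread: one way to delegate "administer passwords, but nothing else" through sudo is a small root-owned wrapper that validates its argument before calling `passwd`. The install path, the `helpdesk` group, the UID threshold of 1000 and the lowercase-only name pattern are assumptions made for this sketch.

```shell
#!/bin/sh
# Hypothetical helper, installed root-owned and not writable by anyone else as
# /usr/local/sbin/reset-user-password, and delegated with a sudoers rule like:
#   %helpdesk ALL = (root) /usr/local/sbin/reset-user-password
# Delegating the wrapper instead of passwd itself keeps root and system
# accounts, and any passwd option, out of the operator's reach.

PASSWD_FILE="${PASSWD_FILE:-/etc/passwd}"   # overridable so the check can be tested
MIN_UID="${MIN_UID:-1000}"                  # assumed first UID of ordinary users

# may_reset NAME: succeed only for an existing, ordinary (non-system) account.
may_reset() {
    name=$1
    # Strict allow-list on the name; a leading '-' is refused so the
    # argument can never be interpreted as an option by passwd.
    case $name in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;
    esac
    # Exact match on the login field, then read the UID from field 3.
    uid=$(awk -F: -v n="$name" '$1 == n { print $3; exit }' "$PASSWD_FILE")
    case $uid in
        ''|*[!0-9]*) return 1 ;;            # unknown account or malformed entry
    esac
    [ "$uid" -ge "$MIN_UID" ]
}

reset_password() {
    if may_reset "$1"; then
        # Leave an audit trail naming the operator who invoked sudo.
        logger -t reset-user-password "reset of $1 by ${SUDO_USER:-unknown}"
        exec /usr/bin/passwd "$1"
    fi
    echo "refused: '$1' is not an ordinary user account" >&2
    return 1
}

# Act only when invoked with exactly one argument (the target login name).
[ "$#" -ne 1 ] || reset_password "$1"
```
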