> > Also, keep in mind that the set of capilities differs between 2.2 and > 2.4 kernels if memory serves me correctly, and people are still looking > at making sure the current set is an optimal one. (Fun assignment: see > which capabilities can lead to root access. It turns out to be a > surprisingly large set). > > Wichert. > VMS had a granular set of privileges, many of which could be leveraged to grant all privileges, but they were still useful. The User Authorization Facility summarized the privileges for an account as being equivalent to ALL if they contained one of the ones which could be leveraged to obtain all privileges.
I used to regard the levels of privilege as being similar to the safety catch on a gun. It does not provide you with much protection if someone takes control of the gun away from you, but it will stop you shooting yourself in the foot. John Lines
