On Tue, 17 Dec 2002, Matt Zimmerman wrote: > On Tue, Dec 17, 2002 at 04:08:26PM +0100, Susanne Oberhauser wrote: > > > Nevertheless would you agree with me that for systmes claiming to run on > > *Linux*, relying on the existence of a user 'root' should be ok? This > > would allow portable software to have just *one* platform specific backend > > for *all* flavors of Linux, and would ease porting of such software to > > Linux. > > Certainly, a program which is not expected to work on anything but an > LSB-compliant system can make this assumption, and many others. But in this > specific case, it is (in many cases) in fact easier to check for uid=0 than > username="root" anyway, and in general, there are relatively few cases where > it makes sense to test for root privileges rather than something more > specific. With the continuing development and proliferation of more > fine-grained access control systems for Linux, root will become less magic, > and could be removed or assigned reduced privileges.
Indeed. Engarde Linux has been around a while, and it's hardened with LIDS. There's no gurantee that root can do anything you'd want to if you're running LIDS-enabled. I'm pretty sure you will encounter difficulty if you're using selinux or Bastille. Possessors of such systems won't care whether they're LSB-compliant, though they mare care that tests for privilege fail. -- Cheers John. Join the "Linux Support by Small Businesses" list at http://mail.computerdatasafe.com.au/mailman/listinfo/lssb
