On Mon, Mar 20, 2023 at 4:11 AM Felix Miata <mrma...@earthlink.net> wrote: > > If the superuser can't do something, how can a mere mortal user be expected > to do > same? When the superuser determines *everything* works as expected is time > enough > to create the first regular user.
This can actually happen under SELinux (and probably AppArmor). Under SELinux, root is just another account to contain. It is possible to deny root access to something, but provide access to unprivileged users. I don't think I've ever come across the use case, though. A similar constraint on root is with databases. Databases use their own authentication systems, and root would just be another user if added to the database. You would need to do something special to give root privileges. (Modulo domain sockets that use an auth_plugin for authentication). Jeff _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
