by zahlman
414 days ago
Currently, for any given action, the following possibilities are implemented:

* The user may never perform the action (would require sudo, but the user doesn't have sudo rights)
* The user may sometimes perform the action (i.e. only after authenticating with sudo)
* The user may always perform the action (is always implicitly authenticated)

"Being root" is just another name for the last option. What fourth alternative do you have in mind?

No, it's not. Take for example ping. If we want users to always be able to use ping, does that mean they need to be root? No, it doesn't. A privileged part of the OS can handle doing the raw socket and the unprivileged user can talk to that part of the OS.
The key point is that some operations that require privileges are okay to expose to a user, but giving the user privileges for everything is dangerous.
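
Added example, not part of the thread: one concrete form of the ping case on Linux, where the kernel offers an ICMP datagram socket (gated by the `net.ipv4.ping_group_range` sysctl) so a process can send echo requests without the raw-socket privilege. The function names and the payload are constructed for illustration; it assumes a Linux host and IPv4.

```python
import errno
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (one's-complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def echo_request(ident: int, seq: int, payload: bytes) -> bytes:
    """Build an ICMP echo request (type 8, code 0) with a valid checksum."""
    body = struct.pack("!HH", ident, seq) + payload
    csum = inet_checksum(struct.pack("!BBH", 8, 0, 0) + body)
    return struct.pack("!BBH", 8, 0, csum) + body

def probe(sock_type: int) -> str:
    """Ask the kernel for an ICMP socket of this type and report its answer."""
    try:
        socket.socket(socket.AF_INET, sock_type, socket.IPPROTO_ICMP).close()
        return "allowed"
    except OSError as exc:
        denied = exc.errno in (errno.EPERM, errno.EACCES)
        return "denied" if denied else "unsupported"

def ping_unprivileged(host: str = "127.0.0.1", timeout: float = 1.0) -> bool:
    """Echo via the kernel-mediated datagram socket; True if a reply arrives."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM,
                           socket.IPPROTO_ICMP) as s:
            s.settimeout(timeout)
            # The kernel overwrites ident and checksum and only hands back
            # replies to this socket's own requests, so the caller never
            # gets the packet-crafting or sniffing power of a raw socket.
            s.sendto(echo_request(0, 1, b"constructed-payload"), (host, 0))
            reply, _ = s.recvfrom(1024)
            return reply[0] == 0  # type 0 = echo reply
    except OSError:  # not permitted, unsupported, or timed out
        return False

if __name__ == "__main__":
    print("SOCK_RAW   ICMP:", probe(socket.SOCK_RAW))
    print("SOCK_DGRAM ICMP:", probe(socket.SOCK_DGRAM))
    print("unprivileged ping to loopback:", ping_unprivileged())
```

Run as an ordinary user on a host whose `ping_group_range` includes the user's group, the raw probe reports `denied` while the datagram probe reports `allowed`: the one operation is exposed without granting the general privilege.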