| 1 |
On Sat, Mar 21, 2015 at 4:32 PM, Philip Webb <purslow@××××××××.net> wrote: |
| 2 |
> |
| 3 |
> I'ld say "Don't" : it's contrary to the principles of Unix, |
| 4 |
> which separate the roles of sysadmin (root) from those of ordinary users. |
| 5 |
> |
| 6 |
|
| 7 |
There are a couple of schools of thought there. One that differs from |
| 8 |
what you suggested is that root isn't really a pure role - it is a uid |
| 9 |
you can log in as (which mostly makes the actions you take as root |
| 10 |
anonymous in a multi-admin environment). If you're into role-based |
| 11 |
access control then you really don't want people just switching to |
| 12 |
root all the time - you want to define roles and their specific |
| 13 |
requirements, and then assign those roles to users. Sudo is a simple |
| 14 |
tool for doing this, but stuff like consolekit/logind/policykit and so |
| 15 |
on are about giving more granular access to users. Likewise posix |
| 16 |
capabilities are all about making what traditionally is root much more |
| 17 |
granular. |
| 18 |
|
| 19 |
But, yes, the simple answer is to just log in as root to power off the |
| 20 |
system. That will almost certainly work for at least the next 20 |
| 21 |
years. Everything else is just added capabilities. |
| 22 |
|
| 23 |
-- |
| 24 |
Rich |
Archives