1 |
On Sat, Mar 21, 2015 at 4:32 PM, Philip Webb <purslow@××××××××.net> wrote: |
2 |
> |
3 |
> I'ld say "Don't" : it's contrary to the principles of Unix, |
4 |
> which separate the roles of sysadmin (root) from those of ordinary users. |
5 |
> |
6 |
|
7 |
There are a couple of schools of thought there. One that differs from |
8 |
what you suggested is that root isn't really a pure role - it is a uid |
9 |
you can log in as (which mostly makes the actions you take as root |
10 |
anonymous in a multi-admin environment). If you're into role-based |
11 |
access control then you really don't want people just switching to |
12 |
root all the time - you want to define roles and their specific |
13 |
requirements, and then assign those roles to users. Sudo is a simple |
14 |
tool for doing this, but stuff like consolekit/logind/policykit and so |
15 |
on are about giving more granular access to users. Likewise posix |
16 |
capabilities are all about making what traditionally is root much more |
17 |
granular. |
18 |
|
19 |
But, yes, the simple answer is to just log in as root to power off the |
20 |
system. That will almost certainly work for at least the next 20 |
21 |
years. Everything else is just added capabilities. |
22 |
|
23 |
-- |
24 |
Rich |