On Mon, Mar 20, 2023 at 4:11 AM Felix Miata <[email protected]> wrote: > > If the superuser can't do something, how can a mere mortal user be expected > to do > same? When the superuser determines *everything* works as expected is time > enough > to create the first regular user.
This can actually happen under SELinux (and probably AppArmor). Under SELinux, root is just another account to contain. It is possible to deny root access to something, but provide access to unprivileged users. I don't think I've ever come across the use case, though. A similar constraint on root is with databases. Databases use their own authentication systems, and root would just be another user if added to the database. You would need to do something special to give root privileges. (Modulo domain sockets that use an auth_plugin for authentication). Jeff _______________________________________________ users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
