On Mon, Mar 20, 2023 at 4:11 AM Felix Miata <mrmazda@xxxxxxxxxxxxx> wrote: > > If the superuser can't do something, how can a mere mortal user be expected to do > same? When the superuser determines *everything* works as expected is time enough > to create the first regular user. This can actually happen under SELinux (and probably AppArmor). Under SELinux, root is just another account to contain. It is possible to deny root access to something, but provide access to unprivileged users. I don't think I've ever come across the use case, though. A similar constraint on root is with databases. Databases use their own authentication systems, and root would just be another user if added to the database. You would need to do something special to give root privileges. (Modulo domain sockets that use an auth_plugin for authentication). Jeff _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
