On Wed, 2010-12-22 at 00:59 +0100, Miloslav Trmač wrote:
> This is possible, but it would be a much larger change to the system. To take a particular example, look at /etc/shadow.
> It needs to be protected against attackers, so it should not be owned by root - let's make it owned by "adm", say.
IMHO, in that specific case it should be protected by two group ACLs. One group for writing/modifying, another for reading.
No need for capabilities at all, just setgroupid and file ACLs. shadow has no special significance to kernel functions.
Regards, Henrik