On 1/19/13 8:45 AM, Kohei KaiGai wrote:
> I think, it is a time to investigate separation of database superuser privileges
> into several fine-grained capabilities, like as operating system doing.
> https://github.com/torvalds/linux/blob/master/include/uapi/linux/capability.h
The Linux capabilities system exists because there is no normal file
system object to attach the privileges to. If there were
/dev/somethings for all of these things, there would not no need for the
capabilities thing.
In this case, the privileges system already exists. We just need to use it.