On Thursday, January 20, 2011 03:11:00 pm Mike McCarty wrote:
That does not preclude access to the machine's content. Anyone with root access should be able to do that. You shouldn't have to log in AS THAT USER in order to access the computer's content.
Although I have seen in the case of Windows, installed to NTFS, and set with 'make your files private' when you first set up a password, that if even if you log in as Administrator you can't necessarily see all users' files, at least not through file sharing. It has been a long time since I've put that to the test on the local console.
Makes it a pain to do whole machine virus scans from the Administrator account, and makes it a bigger pain to do backups using the semi-documented $ shares when file sharing is enabled in the firewall.
I've never experienced that on Linux, but it is possible to set up the SELinux policy in a way that 'ordinary' root can't do everything, that you have to be in a different context.