Single User Unix needs a halfway root

Brad Templeton bstempleton at watmath.UUCP
Sun Aug 7 13:59:59 AEST 1983


With more and more people running UNIX (TM of BTL) on their very
own machine, I think we need to do another evaluation of permission
schemes.

Essentially, the problem is that you want to be full power (ie. root)
on your machine, but you also want to protect yourself from dumb mistakes,
and you want to make file permissions mean something.  It's quite annoying
to have to be switching back and forth between su and yourself, although
job control makes this a bit easier.

My idea here is to make a modification to the shell so that the user can
put it in "root shell" mode.  In this case, the shell runs as root, but
whenever it forks a command, it setuids to some chosen innocuous user.
Thus as far as the user is concerned, he is not root.  (This means you
have to fork even things like echo and other built-ins, as well as
forking before opening redirection files)

If the command line has the word "root" or "su" or whatever on the front
of it, however, the setuid is not done and everything proceeds with full
power.
ie.
$ rm file
rm: file not removed
$ root rm file
$ root      (no argument, no password ever requested)
# (now you can do a long list of root things)
^D
$ echo hi >/etc/passwd
  -- permissions denied
The idea being that su has a password, but you never want to type it more
than once.  This could be done with a setuid program but this is faster and
more secure.

Another system that doesn't require the forking for normal commands is to
create a half-baked root (uid 1) which has the one special power to do
a setuid(0); to do what it wants.  This requires kernel mods, however.

Has anybody ever done this?

-- 
	Brad Templeton - Waterloo, Ont. (519) 886-7304
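
The fork-time decision the post proposes, as an added example that is not part of the original post or any real shell: the child gives up root before exec unless the line starts with the word "root". The names `wants_root`, `drop_to` and `run_command` are hypothetical, and the bare `root` form (an interactive root shell) is not modelled.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* 1 when the first word is the "root" prefix, i.e. keep full power. */
int wants_root(char *const argv[]) {
    return argv[0] != NULL && strcmp(argv[0], "root") == 0;
}

/* Irreversibly become uid/gid. Order matters: supplementary groups first,
 * then gid, then uid; once the uid is gone the other two calls would fail. */
int drop_to(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    /* Verify the drop: regaining root must now be impossible. */
    if (uid != 0 && setuid(0) == 0) return -1;
    return 0;
}

/* Fork, drop privileges in the child unless prefixed, then exec.
 * Returns the command's exit status, or -1 on error. */
int run_command(char *const argv[], uid_t uid, gid_t gid) {
    int keep = wants_root(argv);
    char *const *cmd = keep ? argv + 1 : argv;
    if (cmd[0] == NULL) return -1;           /* bare "root": not modelled */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        /* Drop before anything else; a real shell would open redirection
         * files and run built-ins only after this point, as the post notes. */
        if (!keep && drop_to(uid, gid) != 0) _exit(126);
        execvp(cmd[0], cmd);
        _exit(127);                          /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    /* Constructed sample: uid/gid 65534 is assumed to be an unprivileged user. */
    char *plain[] = {"id", NULL}, *full[] = {"root", "id", NULL};
    run_command(plain, 65534, 65534);
    return run_command(full, 65534, 65534);
}
```

A child that cannot drop privileges exits with 126 instead of running the command as root, so a failed `setuid` never silently leaves full power in place.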


