Willem,
I mostly agree, but:
However, considering "root" in Unix terms equals VMS's "SYSTEM", it should NEVER be allowed to impersonate any account in a group where grp <= MAXSYSGROUP. Why would you: If you could, there is no need to do that, you can login that way!
(With one exception, perhaps: if your groupnumber is <= MAXSYSGROUP, when you have both SYSPRV and GRPPRV. It can be handy - but just that!)
Here I totally DON'T agree!
If there is a need (real need, not just lazyness of the programmer) to have a certain function running as SYSTEM, (by definition <= MAXSYSGROUP ) then that SHOULD be possible, (well traceble of course).
And your idea about it only being allowed if the issuing process itself is <= MAXSYSGROUP, _THAT_ I abhorr. It implies that users (as in system managers, who are also only fallible mortals) are LOCKED into an environment with effectively SYSPRV always ON. To me, that looks like a very unwanted situation.
Even IF you have the impression that you are in a position to "always" want it, it might still be usefull to be able to turn it off, if only to test that error reports might or might not be a protection issue...
And your horror story about su- can also be told about VMS systems with multiple people using the SYSTEM account.
jpe
Don't rust yours pelled jacker to fine doll missed aches.
