13. Granting privileged actions
Task: allow user to perform an action that lies off standard user permissions:
- mount an external drive
- restart service
- edit system-wide service settings
- run certain application with super-user rights
- …
== Setuid/Setgid =
- Simple, verifiable mechanism
Static (user always can perform an action if allowed)
Actually limits control to allow/disallow running certain binary
Simple example: TODO