It is well known that the classic *nix style access control is insecure. For
me, there are three major reasons:
1. Small granularity: all you have are the access modes read, write and execute, set for the file or directory owner, the file's assigned group and all others. In very many cases this is barely enough for secure administration.

2. Discretionary control: you have to trust every user who handles sensitive or critical data to administer access control accordingly. Since users cannot manage groups themselves, they can hardly set up proper access control. Also, all discretionary access control is an open invitation to trojans and viruses, which can do anything the respective user is allowed to do.

3. Superuser root, the worst of the three problems: root has full access to everything, even kernel memory, and is needed far too often. Too much software has to start or even run under the root account, e.g. many network daemons. Naturally, there are loads of exploits through this dangerous account.
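The following is an added illustration of the first two points, not code from the original page or from any access control project. It models the POSIX owner/group/other mode-bit check and then searches every mode and group assignment to see whether a desired set of readers can be expressed at all. The users, groups and uids are constructed sample data; the point is that the check takes only the caller's uid and gids as input (so a trojan running as a user gets exactly the user's rights), and that with one group slot per file some perfectly reasonable reader sets cannot be expressed.

```python
"""Model of classic Unix (POSIX) mode-bit access control.

Constructed example: evaluates the 9 permission bits for a process
identity and brute-forces whether a wanted set of readers is
expressible with one owner, one file group and the 'others' class.
"""
from itertools import product

R, W, X = 4, 2, 1

# Constructed sample users: name -> (uid, set of supplementary gids).
USERS = {
    "alice": (1000, {100}),        # dev only
    "bob":   (1001, {100, 200}),   # dev and ops
    "carol": (1002, {200}),        # ops only
    "dave":  (1003, {200}),        # ops only
    "root":  (0, {0}),
}
GROUPS = {100: "dev", 200: "ops"}  # constructed gid -> name


def dac_allows(owner_uid, group_gid, mode, uid, gids, op):
    """POSIX-style check: exactly one class (owner, group, other) is
    selected for the calling identity and the requested bit is tested in
    that class only. Note there is no 'program' parameter: a trojan
    started by alice is checked exactly like alice's editor."""
    if uid == 0:
        # root bypasses read/write; execute needs at least one x bit set
        return op != X or (mode & 0o111) != 0
    if uid == owner_uid:
        bits = (mode >> 6) & 7
    elif group_gid in gids:
        bits = (mode >> 3) & 7        # group class wins even if 'other' is wider
    else:
        bits = mode & 7
    return bool(bits & op)


def readers_of(owner, group_gid, mode):
    """Set of non-root user names able to read a file with this
    owner, file group and mode (root is omitted: it always can)."""
    owner_uid = USERS[owner][0]
    return {name for name, (uid, gids) in USERS.items()
            if uid != 0 and dac_allows(owner_uid, group_gid, mode, uid, gids, R)}


def expressible(owner, wanted):
    """Return (mode, gid) granting read to exactly `wanted` among
    non-root users, or None if no mode/group combination can."""
    for gid, mode in product(GROUPS, range(0o1000)):
        if readers_of(owner, gid, mode) == set(wanted):
            return mode, gid
    return None


if __name__ == "__main__":
    print("alice+bob    :", expressible("alice", {"alice", "bob"}))
    print("alice+bob+carol:", expressible("alice", {"alice", "bob", "carol"}))
    print("group class denies bob despite o+r:", readers_of("alice", 100, 0o404))
```

Running it shows that alice can share a file with bob alone (mode 0440, group dev), but there is no way to share it with bob and carol without dave, because every class that reaches carol also reaches dave. The third line shows the other side of the coarse model: with the file group set to dev and mode 0404, bob is denied although "others" may read, because the group class is selected for him and not combined with the other bits.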