In article <391C3916.20D32849@digicool.com>, Tres Seaver <tseaver@digicool.com> wrote:
The 'superuser' is about to become almost useless for standard site management (see the recent "Trojan" announcement for details). This is a Good Thing(TM), as it will induce people to create "management" users, which are much simpler to secure.
One thing I haven't seen addressed WRT the limiting of superuser's access: How does one replace the top-level UserFolder? You can delete the old one, but then the only users that are left to work with are nobody and superuser, neither of whom is allowe dto create anything. This also seems bad from a disaster recovery standpoint. Used to be, even if the top-level userfolder was screwed up you could still get in and fix things as superuser...