• @[email protected]
    link
    fedilink
    27 months ago

    No, that is just not true. You can stop root from doing things without a reboot with SELinux but encrypting something with a password root does not know actually does stop them from doing it at all short of a brute force attack on the encryption.

    • @[email protected]
      link
      fedilink
      English
      07 months ago

      That’s true - you can often recover a bad ACL. I was thinking more of the “niche use case” where separating duties and restricting root are concerned.

      • @[email protected]
        link
        fedilink
        17 months ago

        Oh, I was specifically thinking that admins that have users either competent enough not to forget/lose their passwords or mature enough not to whine to the admin when that causes the loss of all their files are pretty niche.