Comment by otabdeveloper4

15 hours ago

> That is a completely valid threat model analysis, though?

No it isn't. Here in 2026 timesharing accounts aren't a thing anymore and literally everyone who ever logs into your server has root access.

"Just make sure all those outsourced sysadmins working for a contractor you've never met are never bad guys" is not a valid security threat model.

1 comment

otabdeveloper4

Reply
KAMSPioneer  5 hours ago

> literally everyone

Perhaps figuratively? I manage several servers where the majority of (LDAP) accounts have no special privileges at all. They get their data in the directories and can launch processes as their user, that's...pretty much it.

Though the upstream comment is gone and I am perhaps missing some important context here.