Subject: Re: [lists@globalintersec.com: [Global InterSec 2002041701] Sudo
To: NetBSD Security Technical Discussion List <tech-security@NetBSD.ORG>
From: Oleg Polyanski <Oleg.Polianski@clear.co.nz>
List: tech-security
Date: 04/26/2002 21:04:36

woods@weird.com (Greg A. Woods) writes:

> A proper dedicated set-ID program that can't be mis-configured so
> easily would be an almost infinitely better alternative than sudo.

 Would you ever consider making the `umount(8)' program set-ID only
 just to let somebody unmount a CD-ROM / floppy drive?

> Perhaps it wouldn't even have to be set-ID-root if what it does
> can be delegated to a special user.

 Again, you can't delegate permissions to a dedicated user in order
 to let them unmount a volume.  I would rather vote for RBAC from
 Solaris. RBAC complementing (but not replacing) the set-ID
 mechanism is really handy in use and is flexible. For systems
 lacking RBAC, sudo is the only choice, if it is not abused, of
 course.

Oleg