> > Yes - I was wondering whether that ought to be tightly enforced?
> > ie even if a file has uid -2 it still can't be accessed?
> 
> Ah, _NO_!  :-)
> 
> > The permissions for created files become problematical...
> 
> Indeed!  Perhaps you should look at some clusters of diskless clients in
> real production use.  The client superusers must quite often be able to
> create files, and subsequently access the files they create, even on
> partitions where they do not have superuser access (and indeed in some
> cases they may not ever have any superuser access to any files on any
> filesystems).

It is a long time since I've had access to such a cluster (sun3s)
and I didn't set it up.  However under those circumstances the admin
would almost certainly explicitely map remote root access to a
specific local user.

	David

-- 
David Laight: david@l8s.co.uk