Looking through various access control systems, it is interesting to see the different concepts and features. The concept of root, a user with all privileges inalienably granted to it. So let’s have a look at how this works for Windows, Linux and Joomla!’s upcoming 1.6 version.

When you look at Windows, the administrator user and group, is the most powerful user. However the user is granted this through the user of privileges. There are a lot of different privileges available to Windows but they can be removed from the user. Any user can be ‘root’ for a Windows installation, they need not be a special user ID or name to make this happen.

This is contrasted to the UNIX methodology (as seen in Linux/Mac OS X amongst other recent operating systems) where there is a special user ID and username for root across all system. This user inalienably has god rights. It can bypass almost all file system permissions (NFS does deny root typically) and you can run everything that might not necessarily be permitted such as binding to a privileged port. Linux has the same sort of feature that Windows does as privileges except they call it capabilities. Whilst privileges in Windows are additive (you give someone privileges), capabilities in Linux are more subtractive – you start with everything and spawn processes until you lose them.

Joomla! 1.6 is itself going to have a root user as well. However it isn’t going to be a normal part of its operation. Root for Joomla! is going to behave like it does in Linux, it will have everything and the idea is that it has the ability to fix the access control lock out that you have created. Jooma! has the middle ground here between Windows and UNIX – not only do you have a super user who can do everything (if you really need it) but you also have the regular access control model which can add administrators as well. In some respects its the best of both world.