Re: SUDO and +s is a design weakness
"Why, for instance, couldn't a specific non-root user have rights over installing S/W in /usr/local?"
Just make a group that contains the users you want to be able to write to /usr/local, and chown the directory to that group. I don't think Linux can handle nested groups, which is a nuisance.
Of course, that basically gives the person root access because they can replace parts of the OS with Folger's Crystals that will then be used by everyone else, including the root user.
I prefer that the Specific Non-Root User install software in a subdirectory of their home directory. If they want to let others use the software, they can set permissions to give those others read+execute rights. Best of all, none of this requires special permission from the server admin. If compiling from source code, just build it in the location you choose. RPM packages use an environment variable to make it very easy to do exactly this. I assume that Debian packages have similar.
Biting the hand that feeds IT
