Superuser Account Limitations (UNIX)
Describes UNIX superuser account limitations.
capamsc141
Users who administer and manage operating systems are typically members of predefined accounts. These accounts are automatically created during the system setup, such as the root account on UNIX systems and the Administrator account on Windows systems. Each of the predefined accounts exists to perform a certain set of system functions.
For example, users acting as root or Administrator can create, delete, and modify users and lock, reconfigure, and shut down servers.
One of the major security risks is that an unauthorized user gains control of these accounts. If this happens, the user can seriously damage the system.
Privileged Access Manager
can limit the rights that are granted to these accounts. The product can limit the rights of members of user groups that have these accounts as members. This reduces the vulnerability of your operating system.