Could you provide more details on what you need done as root. Any installation that wants something done as root needs to be configured by the root user. One method is using groups to control write access. Another for write access is using ACLs. For operations such as mounting usb drives, PolicyKit is used. Another method is to use a client/server approach. If something needs root permissions, it should be written with support for the mechanisms used to control authentication. Such as PAM. It should be very careful in controlling what can be done, and checking the real uid and effective uid. For example, the passwd command is suid root. It runs as root, but restricts what can be done if the real uid isn't root. Many daemons start out as root, to be able to open a lower order port, and then change to an effective uid of a system user soon after starting. Any program or script run as root, needs to trap messages such as ctrl-C and handle them safely, and fail without promoting the regular user. It may be desirable to control the environment as well.
Last edited by jschiwal; 09-04-2009 at 09:55 AM.