The MultiAdmin security kernel module provides means to have multiple "root" users with unique UIDs. This fixes collation order problems which for example appear with NSCD1, allows to have files with determinable owner and allows to track the quota usage for every user, since they now have a unique UID.

It also implements a "sub-admin", a partially restricted root user (or enhanced normal user, depending on the way you see it2), who has full read-only access to most subsystems, and additional write rights only to a limited subset, e.g. writing to files or killing processes only of certain users.



1 Name Service Caching Daemon, part of glibc. NSCD returns the entry with the lexicographically first user for a uid that was queried. E.g. if there was a uid-0 user "admin" and a uid-0 user "root", then ls -l would display admin instead of root, which is not very consistent.

2 Technically, it is really a reduced root rather than an enhanced user.