Now, about csih_check_access() -- without exact knowledge of
csih_ADMINSUID, csih_SYSTEMUID, csih_ADMINSGID, and csih_SYSTEMGID, then
the whole csih_check_access() test can't be computed.
If you make those GID/UID vars "optional" (e.g. not a failure if missing),
and then skip the relevant tests in csih_check_access, you might as well
just abandon the test entirely. Is that what we want to do? Never bother
to check for SYSTEM/Administrator access to the specified files?
e.g.
/var/run
/var/log
/var/empty
Somehow that doesn't seem right.
Well, hmm. In theory, admins have backup/restore rights anyway.
However, I was just thinking that csih should get rid of points of
failure which are not entirely necessary, like the checks for denied
user rights. If you think the test is necessary, just stick to it.