No "superuser" in VMS (Score 1)

But that's true of ,say, unix 'root' vs Vax VMS 'superuser'.

There is no such thing as VMS superuser. VMS never used lame 40-year old security paradigms such as 'superuser'. Windows security is superficially like Unix because Windows NT is a broken, dumbed-down version of VMS. MS broke the VMS kernel model when they spliced in graphics routines and mouse drivers at inappropriate levels - it's hard to explain in unix terms, the kernels are fundamentally different.

Out of the box, the VMS account SYSTEM has CMKRNL and SETPRIV privileges, which allow a knowledgeable user logged in as SYSTEM to do all the stuff root can do under unix. However, you can delete that account entirely, or remove these privileges, and VMS still works fine. I have used a VMS box where there were no user accounts with SETPRIV (admittedly an incredibly paranoid site) and the system worked fine.

Ted T'so's work with Linux capabilities is bringing VMS-style security to linux. This is one of the main reasons that linux is NOT unix, it's BETTER than unix. If you don't understand this, research T'so's work, and look into the way Red Hat has stripped all privs from their ntp daemon - except the ability to set the hardware clock, something normally restricted to root.