Comment 29 for bug 1581713

Gustavo Niemeyer (niemeyer) wrote :

As we discussed the last time this came up, yes, that seems fine. Handing out a token to root that provides an authorization to manipulate the system is analogous to allowing root itself to be doing removals without further store information, which we allow.

The necessary infrastructure for that is pretty much in place since we already have to maintain the local and remote macaroons separately, and the situation where the remote macaroon is missing or incorrect is already handled. If a store operation depends on a valid user, it will prompt for a full login, and once performed that will associate the remote macaroon with the existing local user instead of creating a new one.