on solaris you could use
RBAC, that's a role based access model, where "no" root exit.... a lot of work, but a good and secure thing when it is done
. That RBAC is one of the important features in
Trusted Solaris, and it is included in solaris9 and already enabled by default in solaris10 (but with the "normal" unix roles, so root is still root=god)
on linux i only know
grsecurity as a RBAC solution, but never tried it. perhabs someone knows other....
gP