Practical UNIX security
Authentication in distributed systems: theory and practice
ACM Transactions on Computer Systems (TOCS)
Deconstructing User Requests and the Nine Step Model
LISA '99 Proceedings of the 13th USENIX conference on System administration
Hi-index | 0.00 |
Traditionally, access for performing system administration tasks is an all or nothing proposition. With root access, an administrator can potentially make many changes to a system even though you may only want to allow them to add a user or mount a filesystem. In addition to specific tasks, you may want to control what tasks an administrator can perform based on which machine they are using. For some tasks, you also want to manage how those tasks are performed. For instance, when you add a user, you usually want to make sure the user ID is unique and is not zero. This paper defines requirements for a role-based system administration environment. It describes and compares traditional solutions such as restricted shells, multiple root accounts, and setuid programs. The comparisons are made in the context of the requirements defined and are used to introduce the motivation and need for an alternative solution. The solution proposed in this paper is object oriented and is based on the draft POSIX 1003.7 standard. Where appropriate, specific implementations (such as the Tivoli Management Environment) will be referenced. These examples will include lessons learned at Tivoli in developing and using an object-oriented system administration tool.