Large UNIX installations increasingly demand ever-growing staffs of system administrators. Since very few system management tasks can be performed without access to root, large sites quickly face a "too many cooks" problem. The problem is evident from the numerous existing, yet only partial, solutions to it. Examples of broad access needs are numerous: help desk staff need to be able to examine users' files to assist over the phone, or to change passwords. The ability to su(1) to only non-root users is also useful. System operators need to manage print queues, kill jobs and reboot systems. Neither group, however, should necessarily need access to PIDs or files owned by root, making blanket access to kill(1) and cat(1), for example, potentially problematic. Users in a research lab need to mount CD-ROMs. In walk-in consulting areas, securing access to commands via the privileged user's own password prevents unattended terminals from being sabotaged. In our environment at UC Davis, we have all of these groups of users, and none of them represents core system administration staff, the only true root users. Several packages and other mechanisms address this issue, but even most of the more expensive commercial packages fail to allow privileged system access that is both secure and flexible.