A Privilege Mechanism for UNIX System V Release 4 Operating Systems

Authors: 

Charles Salemi, Suryakanta Shah, and Eric Lund, UNIX System Laboratories, Inc.

Abstract: 

Any multi-user, multi-tasking operating system, such as the UNIX SVR4 Operating System, must provide protection mechanisms that prohibit one user from interfering with another user, or limit the execution of certain system operations that affect critical system resources. These protection mechanisms must also provide the ability to override these restrictions, commonly referred to as privilege. For over twenty years, UNIX-based operating systems have had one such privilege, called "root" or "super-user", which is signified by a process whose effective user ID is 0. The "super-user" has the ability to override the restrictions imposed by these protection mechanisms. In the UNIX System V Release 4 Enhanced Security product, this single, omnipotent privilege is divided into a set of discrete privileges designed to assure that sensitive system services execute with the minimum amount of privilege required to perform the desired task.

This paper describes the privilege control mechanism implemented as part of the UNIX System V Release 4.1 Enhanced Security (SVR4.1ES) product. The SVR4.1ES privilege control mechanism separates the privilege mechanism from the access control mechanism, provides fine-grained control over access to sensitive operations by users, and controls the propagation of privilege from one process to another. Our goals also include accommodating multiple privilege control mechanisms within the UNIX System V kernel. These privilege mechanisms can be "plugged" into the kernel through well-defined interfaces, much the same way as UNIX file systems are currently added to the kernel.


Links

Paper: 
http://usenix.org/publications/library/proceedings/sa92/salemi.pdf