Check out the new USENIX Web site.

Sysctl: A Distributed System Control Package

Salvatore DeSimone & Christine Lombardi
Project Agora
IBM T. J. Watson Research Center


The sysctl package is an authenticated client/server system for executing remove commands. It is conceptually similar to rsh, but adds Kerberos authentication, an ACL-based command authorization mechanism, and a programmable Tcl-based command language in its server.

The sysctl server component, sysctld, is a daemon that runs on all workstations. The client component lets users send sysctl commands to a sysctld server. If the user is authorized for the requested operation, the server executes it on behalf of the user and sends back the result. The operations sent by the user are processed at the server using a built-in command interpreter and can range from a single sysctl command to a complex sysctl script. The server has a multi-level authorization scheme to guard against unauthorized access to commands.

The sysctl server uses the embeddable command language Extended Tcl as the foundation for its built-in interpreter. The server can dynamically link in external shell commands and Tcl procedures to integrate existing management tools or create new global or service-specific commands. Once a command is created inside a server's interpreter, it is accessible to any authorized user from any workstation.

Sysctl uses the Kerberos authentication service for reliable third-party authentication, a prerequisite for authorization checking in a distributed computing environment. The server's built-in authorization mechanism provides granularity down to the individual command level.

Download the full text of this paper:
POSTSCRIPT (264,940 bytes)
PDF (81,235 bytes)

To Become a USENIX Member, please see our Membership Information.