WilTel Network Services
This paper describes the implementation of a new tool, medex,
which eliminates the need for group login accounts. Medex
mediates the access of users to privileged accounts and executables.
The history behind our use of group accounts and a complete methodology
for UNIX application management are presented. Details of the implementation
of medex, including its interaction with the existing security
features of UNIX, are given. The tool utilizes execution control lists
(ECLs) as a means to allow controlled execution of programs under accounts
other than the current login. Medex also re-authenticates
the user's password upon each instantiation and maintains an audit trail via
log files or the use of the UNIX syslog facility. A complete
project management example utilizing medex is given along
with a comparison to related tools.