USENIX Tenth System Administration Conference (LISA
Priv: Secure and Flexible Privileged Access Dissemination
Brian C. Hill
University of California, Davis
Large UNIX installations have become increasingly demanding of
ever growing staffs of system administrators. Since very few system
management tasks can be performed without access to root, large
sites quickly face a ``too many cooks'' problem. The problem
emerges clearly out of the numerous existing, yet only partial
solutions to the problem.
Examples of broad access needs are numerous: Help desk staff
need to be able to examine user's files to assist over the phone or
change passwords. The ability to su(1) to only non-root users is
also be useful. System operators need to manage print queues, kill
jobs and reboot systems. Neither group, however, should necessarily
need access to to pids or files owned by root, making blanket
access to kill(1) and cat(1), for example, potentially problematic.
Users in a research lab need to mount cdroms. In walk-in consulting
areas, securing access to commands via the privileged user's own
passwd prevents unattended terminals from being sabotaged. In our
environment at UC Davis, we have all of these groups of users and
none represent core system administration staff, the only true root
users. Several packages and other mechanisms address this issue,
but even most of the more expensive commercial packages fail to
allow privileged system access that is both secure and flexible.
View the full text of this paper in
ASCII (40,717 Bytes) and
POSTSCRIPT (599,063 Bytes) form.
To Become a USENIX Member, please see our