Brian C. Hill
University of California, Davis

Abstract

Examples of broad access needs are numerous: Help desk staff need to be able to examine user's files to assist over the phone or change passwords. The ability to su(1) to only non-root users is also be useful. System operators need to manage print queues, kill jobs and reboot systems. Neither group, however, should necessarily need access to to pids or files owned by root, making blanket access to kill(1) and cat(1), for example, potentially problematic. Users in a research lab need to mount cdroms. In walk-in consulting areas, securing access to commands via the privileged user's own passwd prevents unattended terminals from being sabotaged. In our environment at UC Davis, we have all of these groups of users and none represent core system administration staff, the only true root users. Several packages and other mechanisms address this issue, but even most of the more expensive commercial packages fail to allow privileged system access that is both secure and flexible.

View the full text of this paper in ASCII (40,717 Bytes) and POSTSCRIPT (599,063 Bytes) form.

To Become a USENIX Member, please see our Membership Information.