Privilege Delegation, Role Management and Root Access Control

The Issue…

Privilege delegation, role management and root access control in Unix and Linux systems administration, particularly for large or widely distributed environments, is a complicated field which inevitably requires major trade-offs between functionality, security and ease of administration. In order to make effective use of Unix system, management staff require access to many programs and scripts, some more critical and sensitive than others. Unfortunately, given the lack of a layered security system, it is all too easy to give too many privileges to too many staff. While products exist which attempt to solve this problem, including some in the public domain, there are none which fully integrate a hierarchical systems management structure and security in a flexible and easy-to-use package.

The Solution…

Secure4Privilege is a software tool designed specifically to address security, system access and role delegation by adding flexible and secure layered management capabilities to local and distributed applications and scripts. SecurePrivilege works by defining a command profile which describes the required privileges for the command, and specifies when and where it can be executed. In addition, Secure4Privilege works in conjunction with Secure4Access to define a hierarchical system management structure such that users need only have the least required privileges for their function while still allowing a user’s privileges to be easily changed. By extending the control beyond the ‘root’ access issue to other accounts, Secure4Privilege becomes a role management and provisioning system.