Non-root users execution of root commands

Assignee

• HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P. · US

Inventors

• Carlos Bonilla · La Puente, US
• Douglas P. Drees · Fort Collins, US
• Mary Robb · Fort Collins, US
• Jeffrey R. Finz · Portland, US
• Terence E. Lister · Fort Collins, US
• Humberto Sanchez · Fort Collins, US
• Paula Curtis · Windsor, US
• Richard Harrah · Seattle, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F21/629
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A service control manager (SCM) module may, through a light weight centraized authorization process, assign certain tools to a role so that a non-root user with such role may run the authorized commands specified in the tools as a root user. The usage of these commands is tracked and logged, typically by a log manager who observes each of the commands that are run within the role. If the non-root user tries to run a command that is not assigned to the role, the log manager may block that attempt. Therefore the lightweight authorization may be achieved without compromising security. The user may also be given a finer granularity of running specific commands and options. In addition, the non-root user with the role may only need to be authorized on one node (machine) to be able to perform the commands on multiple nodes.