This disclosure relates generally to the field of computer systems. More particularly, but not by way of limitation, it relates to a technique for improving impersonation management system.
In today's Information Technology (IT) environment, proper system access control is essential, not only from an operational perspective but also from compliance and audit perspective. Compliance requires that users are configured with “least required privileges”. However operators in the systems management space often require access to more elevated privileges.
Systems like “sudo” allow local users on a machine to elevate their privileges. Through definitions installed in configuration files on the local machine, a user can temporarily impersonate another more elevated account to execute commands that require elevated privileges. The downside of this solution is that the files that enforce this elevation are locally managed, therefore introducing further managing, auditing and distribution of these rights. “Sudo” is by nature also not totally transparent. A user has to specifically “sudo”-execute a command in order to get access. A workaround for that problem can be achieved by installing wrapper commands in a location somewhere on the system and making sure that this location is specified in the PATH variable before the regular paths. That way, the operating system will execute the wrapper script instead of the real command.
These local configuration files and wrapper scripts are safe in the ideal world, but since they allow non-privileged users to elevate their privileges, it sometimes means that non-privileged accounts are as dangerous as privileged accounts. After all—user context switching is enabled 24×7 for anyone with local access to the machine. Even if a non-privileged account is compromised, this may result in some authorized actions by the compromised account, impersonating a privileged user.
Thus, it would be beneficial to provide a mechanism that centrally manages the impersonation to remote machines.