The present invention relates to system administration management, and, in particular, to service control manager modules.
A system management command, referred to as superuser do (Sudo), may allow a system administrator to give non-root users the ability to run some or all commands as root while logging all commands and arguments. Sudo may restrict what commands the users may run on a per-host basis, while logging each command and providing a clear audit trail of who did what. However, Sudo may not allow the finer granularity of authorizing a command and options. In addition, Sudo only runs on a per-machine basis, so a non-root user who wishes to have root privileges on multiple machines may need to be enabled multiple times on the multiple machines.
Other authorization commands and mechanisms, such as .rhosts and remsh, may allow users on one machine to execute commands on a remote machine. However, these authorization have no restrictions in that the authorized user may have full access to a system and run all of the commands and options on the machines in the system. Such user authorization may cause security problems.
A service control manager (SCM) module may, through a light weight centralized authorization process, grant limited access to a non-root user to run certain root commands without external authorization involving the trusted user or the senior administrator. The SCM module may utilize an authorization model to assign tools that specify the root commands to a role and assign the role to a non-root user, so that the non-root user may, based upon the roles assigned, run the root commands and options specified in these tools as a root user, i.e., without external authorization. However, the non-root user has only limited access in that he/she is only authorized to run the commands assigned to the specific role. The usage of the commands specified in the tools is tracked and logged, typically by a log manager who observes each of the commands that are run within the role. If the non-root user tries to run a command that is not assigned to the role, the log manager may block that attempt. Therefore, the light weight authorization may be achieved without compromising system security. The user may also be given a finer granularity of running specific commands with specific options. In addition, assigned with the specific role, the non-root user may only need to be authorized on one node (machine) to be able to perform the commands on multiple nodes.