In many computer systems, there is often a restricted class of users (e.g., root users) that have read and write access (e.g., root access) to the computer systems. These users are often the overall administrators of the computer systems. As such, these users often have a large number of responsibilities that prevent them from being able to efficiently perform everyday tasks (e.g., managing databases, websites, adding new users, etc.) on the machines of the computer systems. Somehow, these users must delegate their system access to other users.
Unfortunately, in these computer systems, access is limited to either all or nothing. In other words, a root user may delegate complete and total access to a non-root user or none at all. As a result, even if a root user wants to enable a non-root user only to add users or administer a database on a single machine in the computer system, the non-root user will have total access to the computer system and be able to do almost anything on the computer system. Clearly, this presents a significant problem with regard to computer system security.
One possible solution has been to limit the delegation of total access to non-root users to a discrete period of time. This solution enables the non-root user to perform an assigned task during the discrete period of time. Unfortunately, this solution is not satisfactory since the non-root user will still have complete computer system access, jeopardizing computer system security, for the discrete period of time.
Moreover, administrators of computer systems were required to give root access to trouble-shooters (e.g., customer engineers) and other transient users who only occasionally require access. The administrators had to set up accounts before the trouble-shooter could access machines of the computer systems. Once the trouble-shooter was done, the administrator had to remove access by tearing down the account. Setting up accounts and tearing down the accounts could be particularly complex and time-consuming. Additionally, the trouble-shooter had complete root access while the account persisted, thereby jeopardizing security.
The Hewlett Packard Company does provide a product called Systems Administration Management (“SAM”) that provides a “restricted” SAM access functionality (see U.S. Pat. Ser. No. 5,579,478). Likewise, there is a public domain UNIX tool called “sudo” which provides an ability to run commands as root on a per-command basis. However, unlike the present invention, these tools are focused on a single system, or at least do not allow access control across multiple systems (e.g., nodes), and do not allow the degree of control that the present invention does, among other disadvantages.
Accordingly, a system and method for easily enabling and disabling transient accounts is needed. A system and method that is not complex and that is not time-consuming is needed. Moreover, a system and method that does not give the transient account user complete root access and that preferably limits the transient account user to root access for certain delineated tasks is needed. A system and method that supports disabling tool execution via roles is needed.