Controlling user access to command execution
First Claim
1. A computer-implemented method comprising:
- receiving, by a shell aggregator executing on one or more computing systems, a request from a user indicating a command to be executed by each of a plurality of computing nodes that are provided by a network-accessible service for use by the user and that are each executing one or more programs on behalf of the user, wherein execution of the command by each corresponding computing node of the plurality of computing nodes causes each corresponding computing node to gather information regarding itself;
- determining, by the shell aggregator and based at least in part on permissions information stored externally to the plurality of computing nodes, that the user is authorized to have the command be executed by each of the plurality of computing nodes;
- initiating, by the shell aggregator and in response to the determining, execution of the command by each of the plurality of computing nodes to gather the information, including:
  - executing the command by a first computing node of the plurality of computing nodes for the user; and
  - denying execution of the command for the user by a second computing node of the plurality of computing nodes based on additional security information stored locally on the second computing node;
- receiving, by the shell aggregator, results including the gathered information from the execution of the command by each of the plurality of computing nodes;
- aggregating, by the shell aggregator, the received results to generate aggregated results; and
- returning the aggregated results to the user.
Abstract
Techniques are described for providing users with access to perform commands on network-accessible computing resources. In some situations, permissions are established for user(s) to execute command(s) on computing node(s) provided by an online service, such as by maintaining various permission information externally to those provided computing nodes for use in controlling users' ability to access, use, and/or modify the provided computing nodes. An interface component may use such external permissions information to determine if a particular user is authorized to execute one or more particular commands on one or more particular computing nodes, and to initiate simultaneous and independent execution of the command(s) on the computing node(s) when authorized. The interface component may further aggregate results from each computing node that executed the command(s), prior to providing the results to the user.
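The flow described in the abstract and in claim 1 (a central check against permissions stored outside the nodes, parallel fan-out, a veto from security information held on one node, then aggregation), as an added Python example that is not taken from the patent. The user names, node names, data structures and simulated command output are all assumptions made for illustration.

```python
from concurrent.futures import ThreadPoolExecutor

# Constructed sample data; every name below is hypothetical.
# Permissions held by the aggregator, outside the nodes: (user, command) -> nodes.
EXTERNAL_PERMS = {("alice", "uptime"): {"node-a", "node-b", "node-c"}}
# Additional security information kept on a node itself: node -> denied (user, command).
NODE_LOCAL_DENY = {"node-b": {("alice", "uptime")}}
# Stand-in for running the command on a node (no real shell is invoked).
FAKE_OUTPUT = {"uptime": lambda node: f"{node} up 3 days"}


def node_execute(node, user, command):
    """Node side: consult the node's own deny list, then 'run' the command."""
    if (user, command) in NODE_LOCAL_DENY.get(node, set()):
        return {"node": node, "status": "denied", "output": None}
    return {"node": node, "status": "ok", "output": FAKE_OUTPUT[command](node)}


def aggregate_command(user, command, nodes):
    """Aggregator side: authorize centrally, fan out, merge per-node results."""
    allowed = EXTERNAL_PERMS.get((user, command), set())
    unauthorized = sorted(set(nodes) - allowed)
    if unauthorized:
        # Fail closed before any node is contacted.
        raise PermissionError(f"{user} may not run {command!r} on {unauthorized}")
    # Independent, concurrent execution on every requested node.
    with ThreadPoolExecutor(max_workers=max(1, len(nodes))) as pool:
        results = list(pool.map(lambda n: node_execute(n, user, command), nodes))
    # Keep denials visible so a node-local veto is not mistaken for missing data.
    return {
        "command": command,
        "ok": {r["node"]: r["output"] for r in results if r["status"] == "ok"},
        "denied": [r["node"] for r in results if r["status"] == "denied"],
    }


if __name__ == "__main__":
    print(aggregate_command("alice", "uptime", ["node-a", "node-b", "node-c"]))
```

Reporting the denied nodes alongside the successful output gives reviewers an audit trail of where the central decision and a node's local policy disagreed.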
19 Claims
10. A non-transitory computer-readable medium including stored contents that cause a computing system to at least:
- receive, by the computing system, information from a first user indicating a high-level directive corresponding to operations to perform on a plurality of computing-related resources provided from a network-accessible service, wherein the plurality of computing-related resources include first and second computing nodes;
- determine, by the computing system and based on the high-level directive, a plurality of commands to execute for the plurality of computer-related resources by the plurality of computer-related resources;
- determine, by the computing system and based at least in part on permissions information for the first user that is stored externally to the plurality of computing-related resources, that the first user is authorized to execute the plurality of commands for the plurality of computing-related resources;
- initiate, by the computing system, execution of the plurality of commands for the plurality of computing-related resources by the plurality of computer-related resources, including:
  - perform, by the first computing node and without additional security verification, the plurality of commands for the first user;
  - identify, by the second computing node, that additional security information stored on the second computing node disallows performing at least one command of the plurality of commands for the first user by the second computing node; and
  - deny, by the second computing node and based on the identifying, performance of the at least one command for the first user by the second computing node;
- receive, by the computing system, results from the execution of the plurality of commands for the plurality of computing-related resources;
- aggregate, by the computing system, the received results to generate aggregated results; and
- return the aggregated results to the first user.
18. A system, comprising:
- one or more processors of one or more computing systems; and
- one or more memories storing software instructions that, when executed by at least one of the one or more processors, cause the one or more processors to manage execution of commands by:
  - receiving information from a user indicating a shell command to request data from each of a plurality of computing nodes when the shell command is executed by each of the plurality of computing nodes, wherein the plurality of computing nodes are provided for use by the user and are each executing one or more programs on behalf of the user;
  - determining, without interacting with the plurality of computing nodes, that the user is authorized to have the shell command be executed by each of the plurality of computing nodes;
  - initiating, based on the determining, execution of the shell command by each of the plurality of computing nodes to request the data, including modifying ongoing operation of the executing one or more programs on each of the plurality of computing nodes, including:
    - initiating execution of the shell command by a first computing node of the plurality of computing nodes for the user;
    - determining that the user is not authorized to have the shell command executed by a second computing node of the plurality of computing nodes; and
    - initiating execution of the shell command by the second computing node of the plurality of computing nodes at a higher permission level that is authorized to execute the shell command;
  - receiving results that include the requested data from the execution of the shell command by each of the plurality of computing nodes;
  - aggregating the received results for the plurality of computing nodes to generate aggregated results; and
  - returning the aggregated results to the user.
Specification