Secure systems management
Abstract
To effect a change to the system, a user process makes a request. An interface receives the request, and attempts to authenticate the user. Assuming the user is authenticated, the interface determines the user's UID. The interface determines a provider process that can make the requested change, and forwards the request to the provider process. The interface also assigns the user's UID to the provider process's eUID. The provider process then attempts to make the change, provided the change can be made given the eUID assignment. The provider process then attempts to run under the new eUID, enabling the system to prohibit it from doing something that is not authorized for that user. This protects the system from inadvertently executing management operations by one provider process that is not expected or intended by the user of another provider process.
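An added illustration of the eUID assignment described in the abstract, not code from the patent: a provider is forked, takes the authenticated user's UID as its eUID, and only then attempts the change, so the kernel's permission check applies to that user. The names `provider_run_as`, `try_change`, `struct outcome` and the sample path are hypothetical, and here the provider sets its own eUID (which needs privilege when the UID differs from its own) rather than having an interface assign it.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* What the provider reports back: the eUID it ran under (-1 if it
 * refused to run) and whether the kernel allowed the change. */
struct outcome { long euid; int allowed; };

/* Constructed stand-in for a management operation: open `path` for
 * writing. The kernel checks the open against the caller's eUID. */
static int try_change(const char *path) {
    int fd = open(path, O_WRONLY);
    if (fd >= 0) close(fd);
    return fd >= 0;
}

/* Fork a provider, assign the authenticated user's UID as its eUID,
 * then attempt the change. Fails closed: if the eUID cannot be
 * assigned, the change is never attempted. */
struct outcome provider_run_as(uid_t uid, const char *path) {
    struct outcome out = { -1, 0 };
    int p[2];
    if (pipe(p) != 0) return out;
    pid_t pid = fork();
    if (pid < 0) { close(p[0]); close(p[1]); return out; }
    if (pid == 0) {                          /* provider process */
        close(p[0]);
        /* seteuid() changes only the effective UID; the saved UID still
         * lets the process switch back, unlike setresuid(uid, uid, uid). */
        if (seteuid(uid) == 0 && geteuid() == uid) {
            out.euid = (long)geteuid();
            out.allowed = try_change(path);
        }
        _exit(write(p[1], &out, sizeof out) == (ssize_t)sizeof out ? 0 : 1);
    }
    close(p[1]);
    if (read(p[0], &out, sizeof out) != (ssize_t)sizeof out) { out.euid = -1; out.allowed = 0; }
    close(p[0]);
    waitpid(pid, NULL, 0);
    return out;
}

int main(void) {
    struct outcome o = provider_run_as(geteuid(), "/etc/passwd");
    printf("euid=%ld allowed=%d\n", o.euid, o.allowed);
    return 0;
}
```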
25 Claims
1. An apparatus implemented in a computer system, comprising:
- a first interface to receive a request from a user process to make a change to a system;
- a provider process to make the change to the system;
- an authentication module to authenticate a user responsible for the user process;
- a user ID (UID) determiner to determine a UID for the user; and
- a second interface to assign the UID to the provider process.

10. A computer-implemented method, comprising:
- receiving a request from a user process to make a change to a system;
- authenticating a user responsible for the user process;
- determining a user ID (UID) for the user;
- forwarding the request to a provider process to make the change to the system; and
- assigning the UID to the provider process.

18. An article, comprising:
- a storage medium, said storage medium having stored thereon instructions, that, when executed by a machine, result in:
- receiving a request from a user process to make a change to a system;
- authenticating a user responsible for the user process;
- determining a user ID (UID) for the user;
- forwarding the request to a provider process to make the change to the system; and
- assigning the UID to the provider process.
Specification