Computer system security
Abstract
A computer system is described in which users can access a protected resource only by way of a call to a user monitor command, specifying the protected resource as a parameter. The user monitor command checks that certain conditions are satisfied and performs specified actions before permitting access to the protected resource. The checks may include checking whether options and argument values supplied by the user satisfy specified conditions. The actions may include dynamically modifying a supplementary groups list of a current process temporarily granting or removing privileges to or from the user.
143 Citations
9 Claims
1. A computer system comprising
(a) a computer providing a plurality of protected resources,
(b) a plurality of user access means attached to the computer for allowing each user to send commands to the computer, said commands including a user monitor command containing an argument specifying one of said protected resources, and
(c) command execution means in said computer, for executing said user monitor command by checking that predetermined conditions are satisfied and then, provided that said predetermined conditions are satisfied, for accessing said one of said protected resources on behalf of said user, and then returning a result to the user.
Specification