Secure systems management
First Claim
1. An apparatus implemented in a computer system, comprising:
a first interface to receive a request from a user process to make a change to a stored file in a system, the user process associated with a user having a user UID;
a provider process to make the change to the stored file in the system, the provider process having a provider process UID and an effective UID;
an authentication module to authenticate the user responsible for the user process;
a UID determiner to determine the user UID of the user responsive to the authentication; and
a second interface to set the effective UID of the provider process to the user UID and forward the request from the user process to the provider process.
7 Assignments
0 Petitions
Abstract
To effect a change to the system, a user process makes a request. An interface receives the request, and attempts to authenticate the user. Assuming the user is authenticated, the interface determines the user's UID. The interface determines a provider process that can make the requested change, and forwards the request to the provider process. The interface also assigns the user's UID to the provider process's eUID. The provider process then attempts to make the change, provided the change can be made given the eUID assignment. The provider process then attempts to run under the new eUID, enabling the system to prohibit it from doing something that is not authorized for that user. This protects the system from inadvertently executing management operations by one provider process that is not expected or intended by the user of another provider process.
6 Citations
23 Claims
1. An apparatus implemented in a computer system, comprising: a first interface to receive a request from a user process to make a change to a stored file in a system, the user process associated with a user having a user UID; a provider process to make the change to the stored file in the system, the provider process having a provider process UID and an effective UID; an authentication module to authenticate the user responsible for the user process; a UID determiner to determine the user UID of the user responsive to the authentication; and a second interface to set the effective UID of the provider process to the user UID and forward the request from the user process to the provider process. (Dependent claims: 2 to 9)

10. A computer-implemented method, comprising: receiving a request from a user process to make a change to a system, the user process associated with a user having a user UID; authenticating a user responsible for the user process; determining the user UID of the user; forwarding the request to a provider process to make the change to the system, the provider process having a provider process UID and an effective UID; setting the effective UID of the provider process to the user UID; and determining whether to perform the request based on the effective UID at the provider process. (Dependent claims: 11 to 16)

17. An article, comprising: a storage medium, said storage medium having stored thereon instructions that, when executed by a machine, result in: receiving a request from a user process to make a change to a system, the user process associated with a user having a user UID; authenticating a user responsible for the user process; determining the user UID of the user; forwarding the request to a provider process to make the change to the system, the provider process having a provider process UID and an effective UID; setting the effective UID of the provider process to the user UID; and determining whether to perform the request based on the effective UID at the provider process. (Dependent claims: 18 to 23)
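The flow described in the abstract and in independent claims 1, 10 and 17 (authenticate the user, determine the UID, set the provider process's effective UID to that UID, forward the request, and let the permission check on the file decide whether the change is performed), shown as an added C example. This is not code from the patent or from any assignee's product. It assumes a POSIX system, a hypothetical `authenticate_and_lookup_uid` that stands in for a real credential check and maps a constructed username ("alice") to the calling process's own UID so the example runs unprivileged, a hypothetical `UID_UNAUTHENTICATED` sentinel, and a constructed file path under `/tmp`.

```c
/* Added example (not from the patent): a provider process takes on the
 * authenticated user's UID as its effective UID before touching a file, so the
 * kernel's ordinary permission checks, not the provider's own privilege, decide
 * whether the change is allowed. Assumes a POSIX system. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define UID_UNAUTHENTICATED ((uid_t)-1)  /* hypothetical sentinel: authentication failed */

/* A change request as the first interface forwards it. The UID is attached by
 * the interface from the authenticated identity, never taken from the request body. */
struct change_request {
    uid_t user_uid;    /* set by the interface after authentication */
    const char *path;  /* stored file to change */
    const char *data;  /* new contents */
};

/* Hypothetical authentication module + UID determiner. A real system would
 * verify a credential here; this stand-in accepts the constructed user "alice"
 * and maps her to the calling process's own UID so the example runs unprivileged. */
static uid_t authenticate_and_lookup_uid(const char *username) {
    if (username == NULL || strcmp(username, "alice") != 0)
        return UID_UNAUTHENTICATED;
    return getuid();
}

/* Provider side: perform the file change with euid == user_uid, then restore.
 * Returns 0 on success, -1 with errno set otherwise. */
int provider_apply_change(const struct change_request *req) {
    if (req == NULL || req->path == NULL || req->data == NULL ||
        req->user_uid == UID_UNAUTHENTICATED) {
        errno = EACCES;  /* never act on behalf of an unauthenticated user */
        return -1;
    }
    uid_t saved = geteuid();
    /* Second interface: set the effective UID to the user's UID. An unprivileged
     * provider may only switch to its own real UID; a privileged one may switch to
     * any user. If the switch fails, the change must not be attempted. */
    if (seteuid(req->user_uid) != 0)
        return -1;

    int rc = 0, saved_errno = 0;
    /* O_NOFOLLOW: a symlink placed at the path cannot redirect the write elsewhere. */
    int fd = open(req->path, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0600);
    if (fd < 0) {
        rc = -1; saved_errno = errno;
    } else {
        size_t len = strlen(req->data);
        if (write(fd, req->data, len) != (ssize_t)len) { rc = -1; saved_errno = errno; }
        if (close(fd) != 0 && rc == 0) { rc = -1; saved_errno = errno; }
    }
    /* Restore the provider's own effective UID regardless of the outcome. */
    if (seteuid(saved) != 0 && rc == 0) { rc = -1; saved_errno = errno; }
    if (rc != 0) errno = saved_errno;
    return rc;
}

/* Interface side: authenticate, determine the UID, attach it, forward. */
int handle_user_request(const char *username, const char *path, const char *data) {
    struct change_request req = { authenticate_and_lookup_uid(username), path, data };
    return provider_apply_change(&req);
}

/* Helper for checking the stored file afterwards (read-only, no symlink following). */
int file_has_content(const char *path, const char *expected) {
    char buf[256];
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return 0;
    ssize_t n = read(fd, buf, sizeof buf - 1);
    close(fd);
    if (n < 0) return 0;
    buf[n] = '\0';
    return strcmp(buf, expected) == 0;
}

int main(void) {
    const char *path = "/tmp/secure_mgmt_example.txt";  /* constructed sample path */
    int ok = handle_user_request("alice", path, "maxclients=200\n");
    printf("alice:   %s\n", ok == 0 ? "change applied" : strerror(errno));
    int denied = handle_user_request("mallory", path, "maxclients=0\n");
    printf("mallory: %s\n", denied == 0 ? "change applied" : strerror(errno));
    return 0;
}
```

Run unprivileged, the switch to the user's UID is a no-op and the example shows only the interface-side refusal of an unauthenticated request; run as a privileged provider, `seteuid` drops the effective UID so that `open` fails with EACCES on any file the user could not write themselves, which is the prohibition the abstract describes. One caveat for a real provider: `seteuid` leaves the saved set-user-ID untouched, so a provider compromised while acting for a user could switch back to its privileged UID. A stronger boundary forks a child per request and drops all three UIDs with `setresuid` or `setuid` so the privilege cannot be regained.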
Specification