Synthesized root privileges
Abstract
Users provide their standard username and password and are authenticated to the system. The system then determines from an object set, such as a container hierarchy, whether the user should have special administrative privileges for any of the resources on the machine to which they are logging in. These administrative privileges can be determined from configurable sets of pre-existing relationships between the user and resources on the system, stored within the object set. If the user is an administrator, then the system sets the UID number for that user to the UID number for administrator users. The system can even be configured to set the administrative UID to be the UID for the super-user “root” (typically, zero). If the user has no administrative privileges, the system sets the UID number for that user to the user's standard UID number.
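The login flow the abstract describes, as an added Python example that is not code from the patent: authenticate against the user object, look up the stored user-to-resource relationship, then return either the administrative UID or the user's standard UID. The names `ObjectSet`, `administers` and `login_uid`, the PBKDF2 password check, the audit list and the sample users and hosts are assumptions made for illustration.

```python
import hashlib, hmac, os
from dataclasses import dataclass, field

ROOT_UID = 0  # the abstract: the administrative UID may be root's, typically zero

def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

@dataclass
class User:                       # "first object": represents a user
    name: str
    standard_uid: int
    salt: bytes
    pw_hash: bytes

@dataclass
class Resource:                   # "second object": represents a resource
    name: str
    admin_uid: int = ROOT_UID     # UID handed to administrators of this resource

@dataclass
class ObjectSet:                  # stand-in for the container hierarchy
    users: dict = field(default_factory=dict)
    resources: dict = field(default_factory=dict)
    administers: set = field(default_factory=set)  # (user name, resource name) pairs
    audit: list = field(default_factory=list)

    def add_user(self, name: str, uid: int, password: str) -> None:
        salt = os.urandom(16)
        self.users[name] = User(name, uid, salt, _kdf(password, salt))

def login_uid(objs: ObjectSet, username: str, password: str, resource: str) -> int:
    """Authenticate, then choose the UID for this user on this resource."""
    user = objs.users.get(username)
    # Run the KDF for unknown names too, so both failure paths cost the same.
    salt, expected = (user.salt, user.pw_hash) if user else (b"\0" * 16, b"")
    ok = hmac.compare_digest(_kdf(password, salt), expected)
    if user is None or not ok:
        raise PermissionError("authentication failed")
    # The decision rests on the stored relationship, not on the name or UID.
    if resource in objs.resources and (username, resource) in objs.administers:
        uid = objs.resources[resource].admin_uid
    else:
        uid = user.standard_uid
    # Several people can now share UID 0, so record who was mapped to it.
    objs.audit.append((username, resource, uid))
    return uid

def build_demo() -> ObjectSet:    # constructed sample data
    objs = ObjectSet()
    objs.add_user("alice", 1001, "alice-pw")
    objs.add_user("bob", 1002, "bob-pw")
    objs.resources["db-host"] = Resource("db-host")
    objs.resources["web-host"] = Resource("web-host")
    objs.administers.add(("alice", "db-host"))
    return objs
```

The same user gets UID 0 on one resource and the standard UID on another, and the audit entries keep the real identity that the shared UID no longer carries.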
30 Claims
1. An apparatus, comprising:
a receiver to receive a request from a user process to access a resource;
an object set, including at least a first object representing a user and a second object representing the resource;
an authenticator to authenticate the user using the first object in the object set;
a determiner to determine if there is a relationship between the first object and the second object in the object set; and
a permission setter to set a permission level for the user process to use the resource according to the relationship, wherein the resource is an application to which certain users are to be granted administrative access based on information in the first object in the object set, dependent on the resource, and independent of a username or user ID (UID) associated with the first object in the object set.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 25, 26
9. A computer-implemented method, comprising:
receiving a request by a user to access a resource;
accessing an object set, the object set including at least a first object representing the user and a second object representing the resource;
authenticating the user using the first object in the object set;
determining if there is a relationship between the first object and the second object in the object set, including determining if the first object indicates that the user is a root user of the resource based on information in the first object in the object set, dependent on the resource, and independent of a username or user ID (UID) associated with the first object in the object set; and
if there is a relationship between the first object and the second object in the object set, using the relationship to control a permission level for the user with respect to the resource, including permitting the user to act as the root user of the resource.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 27, 29
17. An article, comprising:
a non-transitory storage medium, said non-transitory storage medium having stored thereon instructions, that, when executed by a machine, result in:
receiving a request by a user to access a resource;
accessing an object set, the object set including at least a first object representing the user and a second object representing the resource;
authenticating the user using the first object in the object set;
determining if there is a relationship between the first object and the second object in the object set, including determining if the first object indicates that the user is a root user of the resource based on information in the first object in the object set, dependent on the resource, and independent of a username or user ID (UID) associated with the first object in the object set; and
if there is a relationship between the first object and the second object in the object set, using the relationship to control a permission level for the user with respect to the resource, including permitting the user to act as the root user of the resource.
Dependent claims: 18, 19, 20, 21, 22, 23, 24, 28, 30
Specification