RootAsRole: Towards a Secure Alternative to sudo/su Commands for Home Users and SME Administrators
Document Type
Book Chapter
Source of Publication
IFIP Advances in Information and Communication Technology
Publication Date
6-15-2021
Abstract
The typical way to run an administrative task on Linux is to execute it in the context of a super user. This breaks the principle of least privilege on access control. Other solutions, such as SELinux and AppArmor, are available but complex to use. In this paper, a new Linux module, named RootAsRole, is proposed to give users fine-grained control over the privileges they grant to Linux commands as capabilities. It adopts role-based access control (RBAC) [14], in which administrators can define a set of roles and the capabilities that are assigned to them. Administrators can then define the rules controlling what roles users or groups can assign to themselves. Each time a Linux user wants to execute a program that necessitates one or more capabilities, (s)he should assign the role to him/herself that contains the needed capabilities, provided there is a rule that allows it. A pilot implementation on Linux systems is illustrated in detail.
ISBN
978-3-030-78120-0
Publisher
Springer Nature
Volume
625
First Page
196
Last Page
209
Disciplines
Computer Sciences
Keywords
sudo/su commands, Linux capabilities, Privilege escalation, Access control
Recommended Citation
Wazan, Ahmad Samer; Chadwick, David W.; Venant, Remi; Laborde, Romain; and Benzekri, Abdelmalek, "RootAsRole: Towards a Secure Alternative to sudo/su Commands for Home Users and SME Administrators" (2021). All Works. 4387.
https://zuscholars.zu.ac.ae/works/4387
Indexed in Scopus
yes
Open Access
no