Title

RootAsRole: Towards a Secure Alternative to sudo/su Commands for Home Users and SME Administrators

Document Type

Book Chapter

Source of Publication

IFIP Advances in Information and Communication Technology

Publication Date

6-15-2021

Abstract

The typical way to run an administrative task on Linux is to execute it in the context of a super user. This breaks the principle of least privilege on access control. Other solutions, such as SELinux and AppArmor, are available but complex to use. In this paper, a new Linux module, named RootAsRole, is proposed to allow users to fine-grained control the privileges they grant to Linux commands as capabilities. It adopts a role-based access control (RBAC) [14], in which administrators can define a set of roles and the capabilities that are assigned to them. Administrators can then define the rules controlling what roles users or groups can assign to themselves. Each time a Linux user wants to execute a program that necessitates one or more capabilities, (s)he should assign the role to him/herself that contains the needed capabilities, providing there is a rule that allows it. A pilot implementation on Linux systems is illustrated in detail.

ISBN

978-3-030-78120-0

ISSN

1868-422X

Publisher

Springer Nature

Volume

625

First Page

196

Last Page

209

Disciplines

Computer Sciences

Keywords

sudo/su commands, Linux capabilities, Privilege escalation, Access control

Indexed in Scopus

no

Open Access

no

Share

COinS