Researchers at the PlanetLab global research network have developed a potential replacement for the widely used Unix sudo tool, called Vsys, that will offer administrators far greater control over what end users can and can't access.
"Vsys is a tool for restricting access to privileged operations," said Princeton University's PlanetLab researcher Sapan Bhatia, who introduced the technology at the Usenix conference held last week in Portland, Oregon.
"The rapport between sudo and Vsys is like the rapport between assembly language and C, in the sense you can do everything with the former that you can with the latter," Bhatia said. However, "Vsys contains a bunch of convenience mechanisms that if you [needed them] on a continual basis, you would have either used Vsys, or you'd end up developing something like Vsys."
Sudo is a widely used Unix and Linux command line-based tool that can restrict what operations a user can perform on a computer. Typically it is used by system administrators to grant users elevated privileges to some advanced level of functionality on a computer without granting them absolute, "root" privileges for the machine. Also, as an alternative to logging in as root, sudo helps administrators themselves be more cognizant of undertaking potentially harmful actions.
Vsys is similar to sudo, except it offers finer-grained access to system resources. "Users sometimes make demands for features and resources not directly supported by the default security model," Bhatia said. "They might want files they don't have visibility into, or they might want to run commands you wouldn't allow ordinary users to run."
PlanetLab created Vsys as a way to allow its researchers to access low-level network functionality so they could develop new network technologies -- overlay networks, user-level file systems, virtual switches -- while their experimental work remained safely isolated from other users.
Vsys is actually built using a number of other Unix tools, most notably Ptrace, a process tracer, and chroot, which defines a user's root file system.
With Vsys, administrators can create scripts, called extensions, that can carefully detail which user actions are permissible. Extensions can be written in any programming language. The extensions are executable files.
In the paper accompanying the presentation, the developers described how Vsys differs from other advanced sudo alternatives, such as SUS and ssu.
"In contrast to these tools and their variants, the goal of Vsys goes beyond defining ACLs [access control lists] for privileged commands. Vsys is meant to facilitate the composition of existing tools to build isolated operations," the paper states.
Although it probably wouldn't replace sudo for the casual user, Vsys would be more appropriate for data center administrators, noted Eddie Kohler, who chaired the group of presentations in which Bhatia participated. A savvy administrator could probably script all the functionality needed to replicate Vsys with a combination of sudo and other Unix tools, though it would be a lot more work than just using Vsys.
Headquartered at Princeton University, PlanetLab is a global research network that connects multiple academic, industrial, and government institutions.