Scientists at PlanetLab global research network have come up with a crucial replacement for the Unix Sudo tool.
Dubbeed Vsys, it has been developed by the finest minds Princeton University has and if it is widely adopted it could give systems administrators considerably more control over what users can do on their machines.
Princeton University’s PlanetLab researcher Sapan Bhatia, chatted about the software tool to Computerworld .
He said that It is designed to replace Sudo which is widely used and lets system administrators grant users elevated privileges to some advanced level of functionality on a computer without granting them absolute “root” privileges.
Vsys offers finer-grained access to system resources and allows people to make demands for features and resources not directly supported by the default security model.
It means that systems administrators can give a user access to more files or run special commands.
But it also lets people access low-level network functionality so they can develop new network technologies such as overlay networks, user-level file systems, vand irtual switches. This makes it possible to do experimental work while safely isolated from other users.
Administrators can create scripts, called extensions, that can carefully detail which user actions are permissible. Extensions can be written in any programming language. The extensions are executable files.
Such software flexibility has been needed for a while, and has resulted in the development of sudo alternatives, such as SUS and ssu.
But Bhatia said the other tools just define access control lists for privileged commands while Vsys uses existing tools to build isolated operations.
While it is too soon to mourn the death of Sudo, particularly for the casual Unix or Linux bod, it will make it rarer in big networks and data centres.