DECUS Heritage
CERBERUS: A Package to Enable the VMS System to Temporarily Grant Privileges to Non-privileged Users (V00118)
Submitted By: J.P. Hamaker, Netherlands Found. for Radio Astronomy
Operating System: VAX/VMS V3.6
Source Language: FORTRAN 77, DCL
Keywords: System Management - VMS, Utilities - VMS
Abstract: The CERBERUS package enables the VMS system to temporarily grant privileges to non-privileged users for the execution of specific command files. The particular aspect of this feature is, that users can execute command procedures without having read access to them. The name of Cerberus, the Greek-mythological hell-hound that grarded the entrance to the Hades where lived the invisible spirits of the dead, is thus particularly appropriate.
The desirability of a feature of this type has often been alluded to in the Pageswapper. Indeed, the standard file protection mechanisms in VMS are very crude: It is simply "Read: yes or no" and "Write: yes or no"; once, e.g. write access has been granted, the system has no control whatsoever over the way a user exercises his rights. Privileged command files are precisely what is needed for a more refined control: Through them, one may allow a user access to sensitive data on whatever conditions one wants to impose.
The basic method for giving a user privileges in excess of those allowed by the UAF file is quite simple: A simple program installed with SETPRV and CMKRNL privileges can do the job. To make it useful for our purpose, two problems must be solved:
- The user may obtain the temporary privileges only for the execution of a specific (set of) command files(s).
- There may be no way for the user to return to normal conditions without losing the temporary privileges.
Click on DOC to display additional information about the product. Click on FTP to download from the FTP Achives.
![[DOC]](../../hidedecus/graphics/i_doc.gif)
![[FTP]](../../hidedecus/graphics/i_ftp.gif)
Last Update: Thu Jan 11 18:19:49 1996