RootAsRole: a security module to manage the administrative privileges for Linux

Today, Linux users use sudo/su commands to attribute Linux’s administrative privileges to their programs. These commands always give the whole list of administrative privileges to Linux programs, unless there are pre-installed default policies defined by Linux Security Modules(LSM). LSM modules require users to inject the needed privileges into the memory of the process and to declare the needed privileges in an LSM policy. This approach can work for users who have good knowledge of the syntax of LSM modules’ policies. Adding or editing an existing policy is a very time-consuming process because LSM modules require adding a complete list of traditional permissions as well as administrative privileges. We propose a new Linux module called RootAsRole that is dedicated to the management of administrative privileges. RootAsRole is not proposed to replace LSM modules but to be used as a complementary module to manage Linux administrative privileges. RootAsRole allows Linux administrators to define a set of roles that contain the administrative privileges and restrict their usage to a set of users/groups and programs. Finally, we conduct an empirical performance study to compare RootAsRole tools with sudo/su commands to show that the overhead added by our module remains acceptable.