In the Unix world, anyone who knows the root password has access to the root account. This gives them complete control, as there is no way to delegate specific privileges. The systems admin has to decide to control everything, or allow other users root access to perform specific tasks allocated to them. One way leads to overwork, the other to security compromise.
Unix Privilege Manager (UPM) allows system admins to delegate administrative privileges without disclosing root passwords. Tasks such as resetting passwords, performing backups and clearing printer queues can be delegated without risking the overall security of the Unix OS.
To meet growing compliance needs, all activities performed can be recorded. These unerasable audit trails can be taken to the level of storing all keyboard actions and screen displays, and a replay feature is included to allow sessions to be reviewed.
UPM comprises three elements. A Privilege Manager Client agent carries the delegated user's request to the central server running the Master Daemon. The user's credentials and permissions are checked against the policy document and, on verification, a request is sent to the sanctioned server. That server runs a Local Daemon, which double-checks the validity of the request. If everything checks out, the Local Daemon acts as a proxy administrator with full root access, but confines the user to the specific directories and applications that they have permission to use.
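
The two-stage check described above can be modelled in a few lines. This is an added example, not UPM code or its policy language: the `POLICY` and `LOCAL_ALLOWED` tables, all user and host names, and the function names are constructed for illustration.

```python
import fnmatch
import os.path

# Constructed central policy: user -> [(host, command, permitted target glob)].
POLICY = {
    "alice": [("print01", "/usr/bin/lprm", "*")],
    "bob": [("db01", "/usr/bin/tar", "/var/backups/*")],
    "carol": [("db01", "/usr/sbin/usermod", "*")],  # allowed centrally only
}
# Constructed allow-list held independently by each host's local daemon.
LOCAL_ALLOWED = {
    "print01": {"/usr/bin/lprm"},
    "db01": {"/usr/bin/tar"},
}
AUDIT = []  # every decision is appended, allowed or not


def master_check(user, host, command, target):
    """Master daemon: match the request against the central policy."""
    target = os.path.normpath(target)  # collapse ../ before glob matching
    for p_host, p_cmd, p_glob in POLICY.get(user, []):
        if (p_host, p_cmd) == (host, command) and fnmatch.fnmatch(target, p_glob):
            return {"user": user, "host": host,
                    "command": command, "target": target}
    return None


def local_check(host, request):
    """Local daemon: re-validate the forwarded request before acting as root."""
    return (request is not None
            and request["host"] == host
            and request["command"] in LOCAL_ALLOWED.get(host, set()))


def delegate(user, host, command, target):
    """Run both checks and record the outcome in the audit trail."""
    request = master_check(user, host, command, target)
    allowed = local_check(host, request)
    AUDIT.append((user, host, command, target, "ALLOW" if allowed else "DENY"))
    return allowed


if __name__ == "__main__":
    print(delegate("bob", "db01", "/usr/bin/tar", "/var/backups/nightly.tar"))
    print(delegate("bob", "db01", "/usr/bin/tar", "/var/backups/../../etc/shadow"))
    print(delegate("carol", "db01", "/usr/sbin/usermod", "root"))
    print(AUDIT)
```

The `carol` entry shows why the second check matters in this model: the central policy permits the request, but the host's own allow-list rejects it, and the denial is still logged.
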
Once loaded, UPM can be configured using a browser-based admin console and integrated with PassGo's Defender to link with the standard Unix Pluggable Authentication Module.
Platforms supported by UPM comprise IBM AIX, Hewlett-Packard HP-UX and Tru64, Sun Solaris, NCR MP-RAS, Red Hat Linux, Novell SuSE Linux, and SGI IRIX. The review was based on the Red Hat Linux version.