S4Software Home  
Home Page About Us Services Support Partners Events  


Privilege Delegation and Role Provisioning from S4Software

Secure4Privilege (previously known as suGUARD) is a software tool designed to address root account and program use control, and layered, role-based management. Secure4Privilege adds a flexible and secure layered management capability to UNIX systems, providing control of local and distributed applications, programs and scripts. The Secure4Privilege command profile describes how to run a command or script, and controls when, where and by whom this command can be executed, and includes the ability to filter arguments.

One of the critical issues with UNIX systems is the lack of a flexible and manageable super-user facility. Access to the 'root' password is usually all that it takes to have complete control over the system, however it is required in order to run many administrative tasks. Secure4Privilege addresses this problem by providing a mechanism for creating a hierarchical, role-based scheme for controlling program execution, but without the necessity of giving access to the 'root' account. With the increased requirements for full accountability, this tool provides a necessary layer of administrative control and reporting for your systems.

Secure4Privilege capabilities include:

  • An easy-to-use graphical interface with context sensitive help
  • A command line interface to create batch processes such as standard reports
  • Create a hierarchical command privilege structure by asssigning security levels to all users and commands
  • Easily define requirements for user authentication with no scripting language needed
  • Control access type for commands (e.g. local, network, modem, r-command, batch queues...)
  • Limit hosts on which and from which programs can be run
  • Restrict access based on time-of-day and day-of-week
  • Establish maximum runtime restrictions
  • Automatically terminate inactive programs or scripts
  • Set the UID and GID under which to run the program
  • Detect unauthorized changes to executable files
  • Generate an extensive set of account and auditing reports
  • Log all command execution attempts, including what, who, where, and when
  • Optionally log each execution of a particular command; including the date, time, command name, executable program path, and the arguments passed
  • Run an alarm script when a command is invoked outside of its parameters

For more information:

Read the Secure4Privilege technical whitepaper (PDF)...

Read the Secure4Privilege product overview (PDF)...

White Papers