vsys: an alternative to sudo


vsys provides a safe mechanism for non-privileged users to execute privileged commands. This facility is especially important in virtualized environments, in which users are not only restricted but also isolated. The mechanism is safe, as (i) the commands available to a user (or virtual guest) are a predetermined set of executable files, which can control the extent of access that the slice has to the foreign context at a very fine grain and (ii) the authentication mechanism of vsys relies on file-system or usenix-permission-based isolation and does not require any explicit negotiation when privileged services are invoked. vsys services are executable files placed in a specific directory in the serving context. Slices that subscribe to these services are populated with a pair of fifo pipes (or unix domain socket) for each available service. These pipes or sockets respectively become the input and output channels to communicate with the service. For example, a script that would let a user fetch the list of slices from its home site would look like this:


# Get the slice name ($ARGV[0])

open PWD, "/etc/passwd";
while () {
if (/$slice_site/) {
print $_;
close PWD;


This documentation is about 3 years old. It will be updated soon. In the meantime, please get in touch with me (sapanb à cs princeton edu) if you want to get started using this tool.
Documentation on using vsys and privilege allocation using vsys. Vsys documentation (html) Vsys documentation (pdf)


vsys-1.0 Minor tweaks and optimizations. Much testing for stability.
vsys-0.8 Many bug fixes.
vsys-0.6 Fixed a build issue.
vsyssh A program that lets slices use native UNIX tools, eg. tail, cat, grep etc. with vsys scripts.

Source code

Source code documentation

Back to my home page.