next up previous
Next: Using Vsys

VSys: A Privilege Allocation Tool

Sapan Bhatia
Princeton University


Privilege allocation is an essential feature of Operating Systems that prevents users from abusing system resources and from bypassing admission control. There are several methods to implement such allocation: using programs such as sudo and Proper; through OS virtualization; etc. Vsys provides yet another means to this end and can function in conjunction with existing tools. Using Vsys, an administrator can deploy scripts that arbitrate access to specific system resources and data based on the requirements of one or more users. Users access these scripts (and hence the resources they arbitrate) through FIFO pipes. The advantages of using Vsys include the ability to develop scripts in an arbitrary programming language, the ability to deploy scripts dynamically and the ability to restrict access at a fine grain, e.g. giving a user partial access to a file. Furthermore, Vsys scripts can be accessed through simple UNIX tools such as cat, echo and grep. This document describes the design and implementation of VSys and its use on and off PlanetLab.