Group Hierarchies with Constrained User Assignment in Linux

In this paper we investigate one aspect of role-based access control (RBAC) administration: the assignment of users to roles. A user-role assignment model can also be used for managing user-group assignment. We give an overview of a constrained user-group assignment model and describe its implementation in the Linux system. In Linux, rather than setting user and file rights individually for each and every user, the administrator can give rights to various groups and then place users within those groups. Each user within a group inherits the rights associated with that group. We describe an experiment to extend the Linux group mechanism to include group hierarchies and decentralized user-group assignment, which can be implemented by means of setgid programs.