Sysctl: A distributed system control package

Abstract

The sysctl package is an authenticated client/server system for executing remote commands. It is conceptually similar to rsh, but adds Kerberos[1] authentication, an ACLbased command authorization mechanism, and a programmable Tcl-based[2] command language in its server. The sysctl server component, sysctld, is a daemon that runs on all workstations. The client component lets users send sysctl commands to a sysctld server. If the user is authorized for the requested operation, the server executes it on behalf of the user and sends back the result. The operations sent by the user are processed at the server using a built-in command interpreter and can range from a single sysctl command to a complex sysctl script. The server has a multi-level authorization scheme to guard against unauthorized access to commands. The sysctl server uses the embeddable command language Extended Tcl[3] as the foundation for its built-in interpreter. The server can dynamically link in external shell commands and Tcl procedures to integrate existing management tools or create new global or service-specific commands. Once a command is created inside a server's interpreter, it is accessible to any authorized user from any workstation. Sysctl uses the Kerberos authentication service for reliable third-party authentication, a prerequisite for authorization checking in a distributed computing environment. The server's built-in authorization mechanism provides granularity down to the individual command level.