O-ARMOR: UNIX® Armor

By The Open Group

Security is at the forefront of the IT industry today. Customers are looking for secure solutions that solve their IT challenges. Permissions and privacy are just a few of the security features that are highly sought after.

The latest UNIX® standard has evolved to meet industry demands with the addition of the Authorization Role Managed On RBAC, also known as O-ARMOR, an Open Group standard. While access controls through users, group IDs, and permissions have long been a requirement of the standard, the increasing demands of enterprise customers drove adoption with UNIX software and systems vendors. Using chmod 777 to share files and executables, or simply giving every user root permissions, is no longer viable. Moreover, even sharing the root password with administrators is not a good security practice.

Multi-user operating systems must innovate in today’s threat landscape. IT governance and best practice necessitate giving the right people the right access at the right time. Look at the case of Edward Snowden, who had what most would say was unfettered access to data, which later was leaked in an embarrassing and damaging way. Enter role-based access control (RBAC), which is a policy-neutral access control mechanism defined around roles and privileges, with components such as role-permission, user-role, and role-role relationships. With RBAC, storage administrators can now have access to the data and commands they need to do their job. On UNIX systems, Human Resources personnel can be given access to confidential information that general users would not.

The O-ARMOR standard defines a set of administrative roles consistent with generally accepted tasks assigned to system administrators. These roles can be customized to include the appropriate applications for each compliant UNIX system. The standard also provides an application programming interface (API) through which privileged applications can grant access to authorized users and roles. The strength of O-ARMOR is that the role-based access controls can be consistently implemented and executed on systems running the same compliant operating system and even across heterogeneous operating systems that are compliant.

Being “armored” means better access control, resulting in better security and simpler management of those access controls across the data center.

If you care about security, or ease of security management, ask your system vendor if their operating systems are UNIX certified with RBAC and comply with the O-ARMOR standard.


Learn more about the UNIX operating system by watching The Journey of Innovation video.

 
