|CCL HomeSoftware Community Operations||
The Cooperative Computing Laboratory Sub-Identity Toolkit is a set of utilities and a Pluggable Authentication Module that provides users with the ability to create sub-users of themselves. Standard Unix permissions checks prevent these subordinate users from accessing their parent user's files.
The Toolkit comes packaged with a set of five utilities and a pluggable authentication module, pam_subid.so. The utilities and their purposes are as follows:
The pluggable authentication module, pam_subid.so, allows various programs and services (such as 'su') to check whether the named user is a subuser of the calling user, and implicitly allow such actions. So, if there is a line in /etc/pam.d/su saying auth sufficient pam_subid.so, then if alice has a sub-user bob, then alice can 'su bob' without having to enter a password. The module is, however, somewhat incomplete, and suggestions/patches are quite welcome.
The latest release can be downloaded from here: subid-current.tgz.