JPH11259426A - Computer system and method for managing the same and storage medium - Google Patents

Abstract

PROBLEM TO BE SOLVED: To allow an unauthorized general user to use the execution of a super-user command while security is maintained by allowing a background process means to issue an instruction to a computer system instead of a user in response to an inputted request from a user when the request is a request for an instruction permitted based on the information of a managing means. SOLUTION: A general user inputs a substitute super-user command, for example, 'usrshut' at the time of operating 'shutdown'. Then, a substitute demon 4a preliminarily activated by an (rc) file judges whether or not the user is authorized to user the 'shutdown' command by collating the substitute super- user command with the inputted user name by a management table 9. As the result of the judgement, when the execution of the command is permitted, the 'shutdown' which is originally the super-user command is executed by the substitute demon 4a.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a computer management method, and more particularly, to a computer for which a process which can be executed only by an authorized administrator is specified. The present invention relates to a computer management method suitable for managing workstations and the like.

[0002]

2. Description of the Related Art In some computer systems, an administrator is defined, and processing that can be executed only by the determined administrator is limited. For example, in a computer having UNIX as an operating system, an administrator called a superuser is set, and only the superuser has authority to execute a specific command. Hereinafter, this is referred to as a superuser command. Therefore, in UNIX, when using a computer, it is necessary to inform the computer in advance whether the user is a general user or a super user. This is a so-called login, in which a computer performs an authentication operation by inputting a user name and a password.

In order to use a computer as a super user, a super user inputs a user name and a password to inform the computer that he / she is a super user. In the case of UNIX, the user name of the super user is usually “root”. Since the computer asks for a password for this user name, a predetermined password is input, and when the password is authenticated, the computer can be used as a super user.

[0004] When the computer is not in a login acceptance state, the user can switch from a normal general user mode to a super user mode by executing "su" as a command. Authentication is performed by inputting the password of the super user.

When a user logs in as a superuser, he can execute processing such as setting of computer hardware, installation / deletion of system software, network setting, password setting, shutdown, and reboot (restart). For example, in the hardware setting, a connection state with various devices such as a hard disk drive, a CD-ROM drive, and a printer connected to the computer can be set. These operations can be performed with less trouble by being performed by an administrator who is familiar with the system.

In addition, user registration, password setting,
Changes can only be performed by a superuser. By managing in this way, intrusion of outsiders can be prevented, and security is ensured.

[0007] By allowing only authorized administrators to perform specific processing, a general user may accidentally delete hardware or software information or intrude by an outsider. Can be prevented, and the operation of the computer system can be performed smoothly.

[0008]

SUMMARY OF THE INVENTION As described above, UNIX
In a computer management method typified by (1), only an authorized administrator has a right to access a specific process or a specific area, so that it is possible to enhance security. When the manager is absent, there is a disadvantage that some operations cannot be performed. For example, in a situation in which the computer must be shut down due to some kind of trouble, even if a general user shuts down the computer, the command "shutdown" is only available to the super user. And have them perform a shutdown operation. Therefore, if the super user is absent in such a situation, a situation may occur in which no one can perform the shutdown.

[0009] From such a problem, Japanese Unexamined Patent Publication No. 3-3665 has
No. 6 discloses a method for solving the above-mentioned problem at the end of computer system operation. According to this method, a command is described directly in the user information registration file of the operating system, and the operation of the system is terminated, that is, the system is shut down. In the user information registration file, one line describes a user login name for terminating the system operation, a user password, a user ID, a comment, a path name (shell) of a program to be started at the time of login, and the like. . This user is a so-called general user, who cannot normally shut down. According to the present invention, according to the access restriction mechanism supported by the operating system, the execution authority of the shutdown command is given in advance to the user for ending the system operation management, and the user having the ID registered in the user information registration file However, if you log in with the system operation end user login name and password,
If you are authenticated and the information provided is correct,
Execute the shell registered in the user information registration file. The content of this shell is "/ etc / shutdo
wn ", and the operation is automatically terminated.

As described above, a shell for terminating the operation of the system in the user information registration file and a user other than the administrator can be shut down by registering the user information.

However, this method cannot be used in recent systems. In recent UNIX and the like, "shut
At the time of execution of a command such as "down", it is checked whether the command is executed by a super user.
In other words, these commands are permitted only to the superuser by the executor confirmation mechanism inside the command, separately from the execution authority due to the access restriction of the operating system. In Japanese Patent Application Laid-Open No. 3-36656, the user is logged in with the user login name for terminating the system operation, so that authentication is not given and the shutdown work is rejected. As described above, in the recent system, it is becoming impossible to execute the authority given only to the super user unless the user logs in as a super user.

That is, it can be said that the security is higher than that of the conventional system. At the same time, as described above, when it is necessary to use the super user command without interruption, the situation that the super user command cannot be executed if the super user is absent, for example, has reoccurred.

The present invention has been made on the basis of such a problem, and is intended to execute a super user command which can only be used by a genuine specific administrator, while ensuring security and generally having no authority. It is an object of the present invention to provide a method for managing a computer which can be used by a user.

[0014]

According to a first aspect of the present invention, there is provided a computer system in which instructions which can be used only by a specific administrator are set. A background process means for operating, an input means for a user to input a request, a management means for managing at least a user ID, and a management means for managing information of a command among the commands which is permitted to be used by the user; The process means issues a command to the computer system on behalf of the user if the request corresponds to a command permitted based on the information of the management means in response to the user request input from the input means. It is a feature. Here, the background process means may be started when the computer system is started, and may always be operated by the administrator process while the computer system is operating.

Another feature of the present invention is that the user ID includes a user's personal ID, a group ID to which the user belongs, a network ID to which the user belongs, and a terminal ID used by the user. Wherein at least one of the following is included.

According to another feature of the present invention, the apparatus further comprises storage means for storing a user request, wherein the user request input from the input means is stored in the storage means, and the background processing means is provided. Is characterized by reading a user request stored in the storage means.

Another feature of the present invention is that the background process means accesses the storage means periodically and monitors the stored information.
Further, the background processing means may delete the information stored in the storage means after reading the user's request from the storage means.

According to another feature of the present invention, the background processing means, when issuing an instruction,
When processing to be performed prior to an instruction is required, the instruction is issued after the processing is performed.

Another feature of the present invention is that a signal transmitted from a device connected to an inside or outside of a computer system is used as a user's request.

A specific computer system management method according to the present invention is a computer system management method in which instructions that can be used only by an administrator are set, and a background process that operates on the administrator side process includes: Regarding the request input by the user, the request is a request corresponding to the permitted command based on at least the user ID and a management table that manages information relating to the command of which the user is permitted to use the command. If present, it issues a command to the computer system on behalf of the user. Here, the background process may be started when the computer system is started, and may always be operated by the administrator process while the computer system is operating.

Another feature of the present invention is that the user ID includes the user's personal ID, the group ID to which the user belongs, the network ID to which the user belongs, and the terminal ID used by the user. Wherein at least one of the following is included.

According to another feature of the present invention, the input user request is stored in a storage unit, and the background process reads the user request stored in the storage unit. .

Another feature of the present invention is that the background process periodically accesses the storage unit and monitors the stored information. Also,
The background process may delete the information stored in the storage unit after reading the user's request from the storage unit.

Another feature of the present invention is that, when issuing a command, if a process to be performed prior to the command is required, the background process issues the command after performing the process. And

Another feature of the present invention is that a signal transmitted from a computer system or an externally connected device is used as a user's request.

According to the recording medium of the present invention, a computer system in which an instruction that can be used only by a specific administrator is set, a background process means operating in an administrator side process, and a user inputs a request. An input unit, at least a user ID, a management unit that manages information of a command among the commands that permits use by the user, and a background process unit that responds to a user request input from the input unit. A program is recorded which operates to issue a command on behalf of the user if the request corresponds to a command permitted based on the information of the management means.

Further, a program may be recorded so as to store the request inputted by the user and to operate the computer system so that the background process means reads the request from the storage means.

Since the present invention uses the above-described technique,
Even if an instruction can be used only by a specific administrator, a background process running on the administrator side process may allow a corresponding user request based on the management means. By judging whether or not it is OK, by issuing an instruction corresponding to the request to the computer system, a general user can execute the instruction for the administrator if permitted. Also,
The background process is always running after startup, so the user can issue a request at any time.

According to another feature of the present invention, the command is issued after the background process performs a predetermined process, so that the command can be executed as a procedure actually performed by the administrator.

According to another feature of the present invention, a signal from a computer system or an external device is used as a user's request, so that a cooperative operation between the computer system and another device becomes possible.

By causing a computer system to execute the program recorded on the recording medium of the present invention, even if an instruction can be used only by a specific administrator, a request from a user corresponding to the instruction can be obtained. The background process that operates on the administrator side process determines whether or not to permit based on the management means, and if so, operates the computer system so as to issue an instruction corresponding to the request on behalf of the user. It is possible for a general user to execute a command for an administrator if permitted.

[0032]

DESCRIPTION OF THE PREFERRED EMBODIMENTS A first embodiment of the present invention will be described. In the present embodiment, the operating system has a UNI
A system including X will be described as an example, but the present embodiment is not limited to this.

In UNIX, as described above, there is a difference in the work that can be processed when logging in as a super user and when logging in as a general user. All tasks that can be processed by a general user can be processed in the same way by a super user, but some of the tasks that can be processed by a super user cannot be processed by a general user. Hereinafter, commands that can be used by general users are referred to as general user commands.

FIG. 1 is a block diagram of a system for explaining a computer management method according to the present invention.
FIG. 5 is a flowchart illustrating a flow at the time of startup when the present invention is applied in a UNIX system.

In FIG. 1, a central processing unit 1 is a central part of a computer and a part for centrally managing all controls. The central processing unit may refer to only a processor chip provided in the computer, but in this specification, the central processing unit will be referred to as a central processing unit including the following units. The process control unit 2 handles processes for operating the computer, and operates each process by time sharing or the like. Youper User Process 3
It manages a class of processes that can only be used by superusers in particular. A plurality of processes can be started simultaneously in the superuser process 3, and the proxy daemon 4a and the like are started in FIG. The proxy daemon 4a will be described later in detail.

The process control unit 2 has a general user process 5 in addition to the super user process 3, and the processes included in the general user process 5 can be used by a general user. It is running. The "usinit" process 6 will be described later.

The memory 7 includes a DRAM for temporarily storing data when the computer performs processing, and a read-only ROM.
And so on. The storage device 8 is a hard disk drive, a CD-ROM drive, a floppy disk drive, or the like. The display unit 11 is also connected to the central processing unit 1 such as a screen such as a CRT, a keyboard 12 as a user input device, a printer 13 as an output device, an uninterruptible power supply 14, and the like. Network 15
Is connected to another computer 16 or the like. The uninterruptible power supply 14 is directly connected to the power supply of the computer, and the connection in FIG. 1 is made by connecting signal lines for transmitting other control signals and the like.

Next, the operation at the time of starting the computer will be described with reference to FIG. First, power is turned on (STEP
1), the boot program recorded in the ROM (memory 7) of the computer is started (STEP 2). The boot program usually starts a startup program recorded in the 0th block on the hard disk (storage device 8) (STEP 3). UNIX
Then, the 0th block on this hard disk is an area that cannot be directly accessed by normal file storage commands, so that the startup work can be safely executed without being rewritten accidentally because it is contained here. Can be.

Next, the startup program is "/ b
"file" (STEP 4) ./
boot is a program in the memory 7 of the computer for starting the process control unit 2. Thereafter, the UNIX system is actually activated. After starting, the process control unit 2 performs an error check of the memory 7 and the like, and subsequently, “/ etc / ini” which is one of UNIX processes.
t "(FIG. 14b) (STEP 5). This is a UNIX process that is executed for the first time after the computer is started. The" init "process 4b is executed by the superuser process 3. The" init "process 4b Starts a shell for a single superuser, etc. That is, the superuser can execute the management function by itself here, and various settings can be made before a general user uses it.

The "init" process 4b then proceeds to "/ et
c / rc ”(hereinafter simply referred to as an rc file) (STEP 6). The rc file contains a script for performing settings for smoothly operating the computer.

FIG. 3A shows an example of the rc file. r
Since the c-file is a so-called script, processing is performed in the order described. For example, the second line “P
ATH "sets a search path for a command on a UNIX file system having a hierarchical structure.
“Mount-at 4.2” indicates that if the computer has a local disk, the file system is mounted there. Also, "quotac
"check-a-p" and "quotaon-a"
Specifies disk quota check and activation. The disk quota is a function for controlling a disk space that can be used by each user.

As described above, by executing the rc file, a necessary file system is mounted,
Executes and deletes necessary files, mainly to prepare the file system. At this time, necessary processes are also started.

Thereafter, the multi-user mode is prepared (STEP 7), and the user's login can be accepted (STEP 8).

The above is the general flow at the time of starting UNIX. At this point, the computer is in a state of waiting for the user to log in. When logging in in the super user mode, it is only necessary to input “root” as a login name and a predetermined password. When logging in as a general user, it is possible to log in with a predetermined login name and password. With such a computer startup method, a general user cannot execute a superuser command.

Therefore, in the present invention, the following settings are made in the rc file of STEP 6 executed at the time of startup. This setting is performed by a superuser by editing a script in the rc file. This part of the rc file in FIG. 3B describes a setting for starting a process that is always started. For example, for example,
"Update" is a process that operates to periodically store the contents of the memory 7 in the hard disk (storage device 8), and "cron" is / usr / li (not shown).
This is a process for executing a process defined along a time table file b / crontab. The process started here is a so-called background process, which always runs in the background while the computer is running.

In the present invention, a process "dum" called a proxy daemon 4a is further provided as this background process.
my "is started. Proxy daemon 4
Since a is started in the superuser process, it can execute the superuser command. The proxy daemon 4a monitors a request input from the user, and if the request indicates a super-user command, determines whether the request can be executed. It works to execute. The management table 9 described later is used for this determination.

Every request is input from the user as a command. As described above, the command includes a super user command and a general user command, and whether the command is a super user command or a general user command is determined by the system. Do. In the system of the present invention, the system determines the super user command and the general user command in the same manner as in the prior art. In other words, general users
Execution is denied even if a superuser command is entered.

In the present invention, a general user is referred to as "shutdo".
When the user wants to perform “wn”, for example, a proxy superuser command “usrshut” is input.
"Hut" is not a command originally owned by UNIX, but is set by the super user of this computer, and is defined as a command to be input when a general user wants to shut down. When there is a request for the command “usrshut”, the proxy daemon 4a, which has been started in advance from the rc file, queries the management table 9 for the user name of the user who has input the proxy superuser command, and the user issues the “shutdown” command. If the execution of the command is permitted, the proxy daemon 4a executes "shutdown", which is originally a super user command.

The management table 9 is created in advance by a superuser, and defines information as to which processes (requests) are permitted to which general users. In the management table 9 of FIG. 4A, one superuser command is described in each row, and subsequently, the name of a user who can execute the superuser command is described. The first line is "shutdown", which means that this command can be executed by user A, user B, and user D.

On the other hand, in a definition file (not shown), the correspondence between the superuser command and the corresponding proxy superuser command is defined.
“a” interprets the meaning of the proxy super user command and makes a determination in the management table 9. In the present embodiment, an example is described in which the management table 9 and the definition file are separated.
For example, in FIG. 4A, a column may be provided in which a proxy super user command corresponding to each super user command is provided, and management may be performed in one table.

Since the management table is for associating a user name with a request, it is created so as to list commands permitted for the user name as shown in FIG. 4B, contrary to FIG. 4A. 4 (c), 4
As shown in (d), it is also possible to limit by day of week or time. To set a time limit, "From what time to what time,
Who can execute which command? "Can be set in detail. The management table can be set variously by combining these constraints. In FIG. 4, the user ID is simply described as the user name. For example, the ID of the group to which the user belongs, the ID of the network to which the user belongs,
D or the ID of the terminal used by the user may be used.

This is the flow at the time of basic startup of the present application and at the time of receiving a command from the proxy daemon 4a.
As described above, when a user requests a predetermined proxy super user command, the proxy daemon 4a interprets the command content and the user name, and if a request is made by an authorized user, the proxy daemon 4a replaces the general user. To execute a predetermined super user command.

Next, the processing after accepting the proxy super user command will be described. Proxy daemon 4a
Performs a predetermined operation in a batch process when executing a super user command corresponding to the proxy super user command. For example, when accepting "usrshut" as a substitute superuser command and executing the corresponding superuser command "shutdown", first, when "shutdown" is started, a processing history is left in a log file. This is used to record information such as who executed which command and when, and to confirm what kind of processing has been performed.

Next, a pre-script is executed. This is a script that describes processing for updating data before shutting down when a database or the like is running, or for terminating a running program. Alternatively, a message is sent to the user of another computer 16 connected via the network 15 or the like to shut down.

Next, the proxy super user command passed from the user to the proxy daemon 4a is deleted. This is to prevent the same command from being executed again by mistake the next time it is started. When a series of processing is completed, the operation shifts to an actual stop operation.

Incidentally, the general user passes a proxy superuser command of "usrshut" to the proxy daemon 4a for shutting down, but an argument can be used for the proxy superuser command.

For example, the user process 6 is for requesting various commands to the proxy daemon 4a. To execute this process, the user inputs a command "usinit". Here, "usrini
0, 1, 2, ... are given as arguments of t ", and the request contents are made different depending on the respective arguments.
“Usrinit 0” shuts down, “usri 0
nit 6 ”is the same“ usrinit ”for reboot etc.
But the instructions can be changed by the arguments.

For example, a command “pkgadd” used when installing software accesses a package of a floppy disk, and installs software by using “pkgadd −d / dev / rfd”.
0a ”and an argument. Here, the proxy superuser command“ us ”corresponding to this command is input.
A command “rpkgadd” is set, and the command “usrpkgadd −d / dev / rfd0”
requesting the command "a", the proxy daemon 4a substitutes the superuser command "pkgad" for the general user.
dd / dev / rfd0a ".

The merit of giving an instruction in a method using arguments is that several processes can be instructed at once by adding a plurality of arguments. Many UNIX commands can originally use arguments, but among them, a combination of a command and an argument that are relatively frequently used can be assigned to one argument. For example, UNI
An instruction with an argument of "shutdown + 10" in X starts the shutdown processing after 10 minutes. Or, “shutdown 21:00”
, The shutdown process is started at 21:00. As such, the shutdown operation is often started after a certain period of time without being performed immediately.
Further, there may be a case where a plurality of arguments are involved, as in "shutdown-h now". These are called "us
rinit 3 ”,“ usrinit 4 ”,“ usr
If the setting is made as "init 5" or the like, the processing of a predetermined argument can be performed. The setting of the argument is set in the management table 9 by the superuser, and the proxy daemon 4
a executes processing with reference to this.

In the above description, a request from a general user is input as a proxy super-user command, which is received directly by the proxy daemon 4a. Another method of receiving the request from the general user by the proxy daemon 4a will be described. Here, the input command is temporarily stored in the storage area by the general user-side process 5. For example, the data is written in a file 10 of the storage device 8 called / tmp / userinit_file.

On the other hand, the proxy daemon 4a of the super user process 3 stores the / tmp /
The user_file_file 10 is periodically monitored. For example, check the contents of file 10 every 10 seconds,
If the request from the general user is stored, the request is read out, and if the request is permitted by referring to the management table 9, the process is executed.

Alternatively, this may be stored in the memory 7. The file is relatively easy for other users to see and rewrite, but it is difficult to access information stored in a specific area of the memory 7, and the security is further improved. In the case of the memory 7, there is a high possibility that data will be erased by the time of restart. As described above, the proxy super user command is interpreted by the proxy daemon 4a and then deleted to prevent malfunction. However, if a shutdown request is written to the file 10 and the file is shut down, the contents of the file 10 should be used. If it is not deleted, the shutdown may be started again when it is restarted. Since the memory 7 is normally cleared at the time of restarting, such a problem hardly occurs.

As described above, when a general user requests the proxy super user command, the proxy daemon 4a interprets the command content and the user name, and if the request is a permitted request from a permitted user, the proxy daemon 4a transmits the command to the general user. , A predetermined super user command can be executed.

In this embodiment, the super user process 3 and the general user process 5 are operating in one computer, and the request from the user is processed in the computer. The user may issue a request from another computer 16 via the network 15.

Next, a second embodiment will be described. In FIG. 1, an uninterruptible power supply 14 stores power therein in preparation for a power outage, so that even when a power outage occurs, the stored power continues to operate the computer for a certain period of time so that a shutdown operation or the like can be performed. As a result, irregular termination can be prevented even during a power outage, and safety can be improved. Although the uninterruptible power supply 14 is often connected to the power supply of a computer in recent years, even in this case, the inconvenience that the computer cannot be shut down when the super user is absent has not been solved.

Therefore, in the present embodiment, a mechanism for extracting a control signal from the uninterruptible power supply 14 and transmitting the control signal to the computer is provided. Usually, the power of the computer is only supplied from the uninterruptible power supply 14. The uninterruptible power supply 14 continues the operation of storing power in the power storage unit in a normal state. However, when a power failure occurs, the function is switched to supply power to another device to which the power is connected. At this time, switching of the operation is hardly recognized from the viewpoint of another device. On the other hand, in the present embodiment, the uninterruptible power supply 14
When the function on the side is switched, a signal to that effect is issued from the uninterruptible power supply 14. Uninterruptible power supply 1
The signal indicating the power failure issued from 4 is received by the proxy daemon 4a of the computer, and for example, a shutdown operation is started. That is, in the first embodiment, the proxy daemon 4a executes the super user command in response to the proxy super user command from the general user, but in the present embodiment, the proxy daemon 4a transmits a signal from the uninterruptible power supply 14 It can interpret and execute superuser commands.

As described above, even if a sudden power failure occurs, the uninterruptible power supply 1
4 and the use of the control signal makes it possible to greatly improve the security.

It should be noted that, in an actual embodiment, it is software that causes a computer to perform the above-described operation, and the present invention can be realized by installing the software in the computer. In other words, if a program is created so as to perform the operation of the above-described embodiment and is recorded on a recording medium such as a CD-ROM or a floppy disk, the computer reads and executes the program. The above management can be performed.

[0069]

As described above, if the computer system of the present invention is used, execution of a super user command which can be used only by a real super user, etc., should be performed while securing security and originally. Can be made available to non-privileged general users, so that authorized general users can work on their behalf, even in the absence of a super user when the computer must be shut down in an emergency. .

Further, it is possible to execute a superuser command in response to a signal from another device connected to the computer such as an uninterruptible power supply, thereby maintaining safety in an emergency.

It is software that performs these operations, and the above functions can be provided by installing the software in a computer. Therefore, the software is recorded on a recording medium such as a CD-ROM or a floppy disk. This makes it easier for the computer to read and execute the program.

[Brief description of the drawings]

FIG. 1 is a block diagram illustrating an embodiment of the present invention.

FIG. 2 is a flowchart illustrating a flow when a computer is started.

FIG. 3 is a diagram illustrating an rc file.

FIG. 4 is a diagram illustrating an example of a management table.

[Explanation of symbols]

 DESCRIPTION OF SYMBOLS 1 Central processing unit 2 Process control part 3 Super user process 4a Proxy daemon 4b / etc / init 5 General user process 6 usrinit 7 Memory 8 Storage device 9 Management table 10 / tmp / usrinit_file 11 Display unit 12 Keyboard 13 Printer 14 Uninterruptible power supply Device 15 network 16 another computer on the network

Claims (18)

[Claims] 1. A computer system in which instructions which can be used only by a specific administrator are set, a background process means operating in the administrator side process, an input means for a user to input a request, A management unit for managing information of at least the ID of the user and information of a command among the commands for permitting use by the user, wherein the background process unit requests the user from the input unit A computer system which issues a command to the computer system on behalf of a user if the request corresponds to a command permitted based on information of the management means. 2. The background processing means,
2. The computer system according to claim 1, wherein the computer system is started when the computer system is started, and is always operated by the administrator process while the computer system is operating. 3. The user ID may be any one of a personal ID of the user, a group ID to which the user belongs, a network ID to which the user belongs, and a terminal ID to be used by the user. 3. The computer system according to claim 1, comprising at least one. 4. A storage unit for storing the user's request, wherein the user's request input from the input unit is stored in the storage unit, and the background processing unit is the storage unit. 4. The computer system according to claim 1, wherein the user's request stored in the computer system is read. 5. The background processing means comprises:
5. The computer system according to claim 1, wherein said storage means is accessed periodically and stored information is monitored. 6. The background processing means,
6. The computer system according to claim 1, wherein the information stored in the storage unit is deleted after reading the request of the user from the storage unit. 7. The background processing means,
7. When issuing the command, if a process to be performed prior to the command is required, the command is issued before the command is issued.
Computer system as described. 8. The method according to claim 1, wherein a signal transmitted from a device connected to the computer system or an external device is used as the user request.
The computer system according to 3, 4, 5, 6, or 7. 9. A method for managing a computer system in which instructions that can be used only by a specific administrator are set, wherein a background process that operates on the administrator side process receives a request input by a user. Based on at least the ID of the user and a management table that manages information relating to a command that permits the user to use the command among the commands, if the request is a request corresponding to the permitted command, Issuing a command to the computer system on behalf of a user. 10. The computer system management method according to claim 9, wherein the background process is started when the computer system is started, and is always operated by the administrator process while the computer system is operating. 11. The user ID may be any one of a personal ID of the user, a group ID to which the user belongs, a network ID to which the user belongs, and a terminal ID to be used by the user. 12. The management method for a computer system according to claim 10, comprising at least one. 12. The input request of the user is stored in a storage unit, and the background process reads the request of the user stored in the storage unit. Or the management method of the computer system according to 11. 13. The computer system management method according to claim 9, wherein said background process periodically accesses said storage unit and monitors stored information. 14. The method according to claim 9, wherein the background process deletes information stored in the storage unit after reading the request of the user from the storage unit.
14. The method for managing a computer system according to 10, 11, 12, or 13. 15. The method according to claim 9, wherein, when issuing the command, if a process to be performed prior to the command is required, the background process performs the process and then issues the command. , 10, 11, 12, 13
Or the computer system according to 14. 16. The computer according to claim 9, wherein a signal transmitted from a device connected to the inside or outside of the computer system is used as the user request.
The computer system according to 0, 11, 12, 13, 14 or 15. 17. A computer system in which instructions that can be used only by a specific administrator are set, a background process means operating in the administrator side process, an input means for a user to input a request, At least an ID of the user, management means for managing information of an instruction that permits the user to use the instruction among the instructions, and the background process means responds to a user request input from the input means. A recording medium for recording a program for causing a command to be issued on behalf of a user if the request corresponds to a command permitted based on the information of the management means. 18. The recording medium according to claim 17, wherein a program for operating a computer system such that said background process means reads said request from storage means for storing said request inputted by said user is recorded.