Title: The Operator Shell: A Means Of Privilege Distribution In
Unix  
Authors: Michael Neuman  Gary Christoph    
File name:pubdocaccess_controlosh.sansII.ps.Z  
File size: 36922 bytes 

Abstract: The Operator Shell (Osh) is a setuid root, security
enhanced, restricted shell for providing fine-grain distribution
of system privileges for a wide range of usages and requirements.
Osh offers a marked improvement over other Unix privilege
distribution systems in its ability to specify access to both
commands and files, auditing features, and familiar interface.
This paper describes the design, features, security
considerations, internals, and applications of the Operator
Shell.