RunasSpec

RunasSpec is a proposed specification for describing run-as policies in computing environments. It provides a formal schema for expressing how and under what identities a process may execute commands or programs on behalf of another user. The goal is to enable consistent policy definition, auditing, and cross-system interoperability in privilege-management frameworks across operating systems, containers, and orchestration platforms.

The specification defines a policy document that includes subject identifiers (the initiating user or service), target identities (the impersonated user), allowed actions (execute, read, write), scope (system, application, container), constraints (time windows, source endpoints, environment restrictions), and auditing metadata. It supports declarative rules that can be evaluated by policy engines embedded in platforms or by central authorization services. Common features include inheritance of permissions, whitelisting versus blacklisting, and mechanisms for fallback or default rules.

Syntax and formats are described as machine-readable schemas with preferred encodings in JSON and YAML, plus optional bindings to existing access-control models such as RBAC or ABAC. The design emphasizes security considerations, including least-privilege enforcement, robust auditing, and tamper-evident policy storage.

History and status: RunasSpec has appeared in security literature and industry forums as a conceptual standard; several vendors have prototyped implementations, but there is no universal ratification.

See also: run as, sudo, privilege escalation, policy-as-code.
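
The policy document and fallback rules described above can be evaluated as in the following added example, which is not part of RunasSpec or of any vendor implementation. The field names, the sample policy and the deny-overrides ordering are assumptions, since the page reproduces no schema.

```python
from datetime import time
from ipaddress import ip_address, ip_network

# Constructed sample policy. Field names are assumptions for illustration,
# not the RunasSpec schema, which the page does not reproduce.
POLICY = {
    "default": "deny",  # fallback when no rule matches (least privilege)
    "rules": [
        {"effect": "allow", "subject": "svc-backup", "target": "postgres",
         "actions": ["execute", "read"], "scope": "container",
         "constraints": {"time_window": ("01:00", "03:00"),
                         "source_networks": ["10.0.5.0/24"]}},
        {"effect": "deny", "subject": "*", "target": "root",
         "actions": ["execute", "read", "write"], "scope": "system",
         "constraints": {}},
    ],
}

def _constraints_ok(constraints, request):
    """Every constraint present on the rule must hold (windows within one day)."""
    window = constraints.get("time_window")
    if window:
        start, end = (time.fromisoformat(t) for t in window)
        if not (start <= request["time"] <= end):
            return False
    networks = constraints.get("source_networks")
    if networks:
        src = ip_address(request["source"])
        if not any(src in ip_network(n) for n in networks):
            return False
    return True

def evaluate(policy, request):
    """Return (decision, audit_record); an explicit deny overrides any allow."""
    decision, matched = policy["default"], None
    for index, rule in enumerate(policy["rules"]):
        if (rule["subject"] in ("*", request["subject"])
                and rule["target"] == request["target"]
                and request["action"] in rule["actions"]
                and rule["scope"] == request["scope"]
                and _constraints_ok(rule["constraints"], request)):
            decision, matched = rule["effect"], index
            if decision == "deny":
                break
    audit = {"subject": request["subject"], "target": request["target"],
             "action": request["action"], "decision": decision,
             "matched_rule": matched}
    return decision, audit
```

The audit record names the rule that decided the request, so a default-deny outcome (`matched_rule` of `None`) is distinguishable from an explicit deny.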