Patent attributes
A computer device and method for managing privilege delegation to control execution of commands on files on the computer device is described. An agent plugin intercepts a request in a user account of a logged-in user to execute a command therein on a file having first privileges assigned thereto, wherein the agent plugin is provided for the file. The agent plugin obtains information related to the request and forwards the information to an agent service cooperating with an operating system of the computer device. The agent service determines whether to execute the command on the file in the user account according to second privileges different from the first privileges. The agent service launches an agent proxy process having the second privileges assigned thereto by the agent service if it is determined to execute the command on the file in the user account according to the second privileges. The agent proxy process causes the command to be executed on the file in the user account by the operating system, according to the second privileges assigned to the agent proxy process.
