The basic idea behind Medusa is really simple. Before execution of certain operations, the kernel asks the authorization server (Constable) for confirmation. The authorization server then permits, forbids or changes the operation. The authorization server and kernel talk to each other . . .
The basic idea behind Medusa is really simple. Before execution of certain operations, the kernel asks the authorization server (Constable) for confirmation. The authorization server then permits, forbids or changes the operation. The authorization server and kernel talk to each other through the special device: /dev/medusa. In this way, an administrator can create his own security model, which can complete or override the original UNIX model. I have told you the principle is simple; however, the actual implementation is a bit complicated. If you are interested in how, see Resources.

The link for this article located at Linux Journal is no longer available.