This paper describes the mechanisms employed to control access to system services on the IFS project. We base our distributed computing environment on systems that we trust, and run those systems in physically secure rooms. From that base, we add services, modifying them to interoperate with existing access control mechanisms. Some weaknesses remain in our environment; we conclude with a description of present vulnerabilities and future plans.