Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: nis : how to avoid user1 becoming user2 using local root ?
From: Brian Hatch (briifokr.org)
Date: Sat Mar 27 2004 - 19:03:24 CST
> All linux servers, all nfs share use the root_squash option.
> We're using NIS
> All developpers can become root on their local machines.
> The prob : if user1 do a `su -` on their station. And then, `su user2`
> they can become user2.
> For me it's a huge problem (windows don't have this prob, local admin
> are very different from domain/server admin) is there a way to avoid
> this prob ?
Nope. Not with NFS. NFS uses a 'trust the client' security model.
If you give users the ability to become root on their machines,
they can become any user locally, and can access the NFS server as
Later versions of NFS hope to address this problem. Or you can
try alternate mounting options, such as afs, or even smbmount.
Brian Hatch Lord, save me
Systems and from your followers.
Every message PGP signed
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
-----END PGP SIGNATURE-----