|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: nis : how to avoid user1 becoming user2 using local root ?
From: Brian Hatch (bri
ifokr.org)
Date: Sat Mar 27 2004 - 19:03:24 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> All linux servers, all nfs share use the root_squash option.
> We're using NIS
> All developpers can become root on their local machines.
>
> The prob : if user1 do a `su -` on their station. And then, `su user2`
> they can become user2.
>
> For me it's a huge problem (windows don't have this prob, local admin
> are very different from domain/server admin) is there a way to avoid
> this prob ?
Nope. Not with NFS. NFS uses a 'trust the client' security model.
If you give users the ability to become root on their machines,
they can become any user locally, and can access the NFS server as
that user.
Later versions of NFS hope to address this problem. Or you can
try alternate mounting options, such as afs, or even smbmount.
--
Brian Hatch Lord, save me
Systems and from your followers.
Security Engineer
http://www.ifokr.org/bri/
Every message PGP signed
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQFAZiRbP+Nf30gFDwERAoAbAJ93OafMq4gJsz9yB98MTZC2NTQurwCeOVAD
puXV3CaY2NvvUqoAHfwnup4=
=qvY+
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]