Re: NIS with local root
From: Kilian CAVALOTTI (kilian.cavalotti@crans.org)
Date: 01/30/03
- Previous message: Kevin Jackson: "Re: NIS with local root"
- In reply to: Kevin Jackson: "Re: NIS with local root"
- Next in thread: Kevin Jackson: "Re: NIS with local root"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Kilian CAVALOTTI" <kilian.cavalotti@crans.org> To: "Kevin Jackson" <kevin.jackson@genaware.com>, <focus-linux@securityfocus.com> Date: Thu, 30 Jan 2003 17:30:07 +0100
Kevin Jackson wrote:
> Not entirely true.
> Its the NFS export options - i.e. root_squash that needs to be used.
>
> /export/home @netgroup(rw,root_squash)
> /export/home adminpc(rw,no_root_squash)
>
> only adminpc's root can modify files.
You're right when you say that root@netgroup can't directly modify
users' NFS mounted files. But, as previously said, everybody being root
on a @netgroup computer can 'su - user' and modify any file owned by
"user".
NIS+NFS is definitively "at risk" as long as any @netgroup user knows
root password (or is in sudoers).
-- Kilian CAVALOTTI | GPGKeyId: 0xD657340C BOFH excuse #236: Fanout dropping voltage too much, try cutting some of those little traces
- Next message: Kevin Jackson: "Re: NIS with local root"
- Previous message: Kevin Jackson: "Re: NIS with local root"
- In reply to: Kevin Jackson: "Re: NIS with local root"
- Next in thread: Kevin Jackson: "Re: NIS with local root"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
