Re: NIS with local root
From: Kevin Jackson (kevin.jackson@genaware.com)
Date: 01/30/03
- Previous message: Kilian CAVALOTTI: "Re: NIS with local root"
- In reply to: Kevin Jackson: "Re: NIS with local root"
- Next in thread: Charles Clancy: "Re: NIS with local root"
- Reply: Charles Clancy: "Re: NIS with local root"
- Reply: Brian Hatch: "Re: NIS with local root"
- Reply: Brent J. Nordquist: "Re: NIS with local root"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Kevin Jackson <kevin.jackson@genaware.com> To: focus-linux@securityfocus.com Date: Thu, 30 Jan 2003 16:47:56 +0000
Yes - root can still su to the user and then modify the files using the
half-baked idea I gave (which is good practice anyway!) --
but surely in such a situation where NIS and NFS is employed -- you won't be
giving out root passwords to normal untrusted users anyway?!
I know sometimes it can't be avoided in some situations -- if that's the case
then you may want to look at alternatives - NIS+ was mentioned.
... and I'll shut up now (and hoping people will stop replying personally
saying:
yes, but he can su - user and modify the files that way
!!!)
;-)
Kev
On Thursday 30 January 2003 9:31 am, Kevin Jackson tapped frantically at the
keyboard:
> Not entirely true.
> Its the NFS export options - i.e. root_squash that needs to be used.
-- Kevin Jackson Systems Administrator Locate, Enquire, Empower GenaWare Limited www.genaware.com Adamson House Towers Business Park Wilmslow Road Manchester M20 2YY United Kingdom Email: kevin.jackson@genaware.com Tel: +44.161.955.4376 Fax: +44.161.955.4305 ------------------------------------------------------------------------ PRIVILEGED - PRIVATE AND CONFIDENTIAL This email and any files transmitted with it are intended solely for the use of the addressee(s) and may contain information which is confidential or privileged. If you receive this email and you are not the addressee (or responsible for delivery of the email to the addressee), please disregard the contents of the email, delete the email and notify the author immediately. Before opening or using any attachments, please scan them for viruses and defects. We do not accept any liability for loss or damage, which may arise from your receipt of this e-mail. Our liability is limited to re-supplying any affected attachments.
- Next message: Systems Group (Isaac): "Re: NIS with local root"
- Previous message: Kilian CAVALOTTI: "Re: NIS with local root"
- In reply to: Kevin Jackson: "Re: NIS with local root"
- Next in thread: Charles Clancy: "Re: NIS with local root"
- Reply: Charles Clancy: "Re: NIS with local root"
- Reply: Brian Hatch: "Re: NIS with local root"
- Reply: Brent J. Nordquist: "Re: NIS with local root"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
