Re: NIS with local root

From: Brian Hatch (focus-linux@ifokr.org)
Date: 01/30/03

    Date: Thu, 30 Jan 2003 14:46:55 -0800
    From: Brian Hatch <focus-linux@ifokr.org>
    To: Kevin Jackson <kevin.jackson@genaware.com>
    
    
    

    > but surely in such a situation where NIS and NFS are employed -- you won't be
    > giving out root passwords to normal untrusted users anyway?!

    I disagree. Every place I've worked that had NIS and NFS would allow
    the developers to have root on their machine for administration purposes.
    In my opinion all other admins and developers are untrusted users.
    But they never thought through the home directory ramifications.

    I always kept a skeleton home directory on my machine and
    exported it read only to the other boxes, and had my real
    home directory only available from my machine.

    A heck of a lot more work to maintain it that way, but that's
    the price of security in that kind of environment.

    --
    Brian Hatch                  Why are a 'wise man'
       Systems and                and a 'wise guy'
       Security Engineer          opposites?
    http://www.ifokr.org/bri/
    Every message PGP signed