Re: nis : how to avoid user1 becoming user2 using local root ?

From: [Lukasz.Sztachanski] (szati_at_rudy.mif.pg.gda.pl)
Date: 03/27/04

  • Next message: Murf: "Re: nis : how to avoid user1 becoming user2 using local root ?"
    Date: Sat, 27 Mar 2004 20:16:56 +0100
    To: focus-linux@securityfocus.com
    
    
    

    > our situation :
    > All linux servers, all nfs share use the root_squash option.
    > We're using NIS
    > All developpers can become root on their local machines.
    >
    > The prob : if user1 do a `su -` on their station. And then, `su user2`
    > they can become user2.
    >
    > For me it's a huge problem (windows don't have this prob, local admin
    > are very different from domain/server admin) is there a way to avoid
    > this prob ?
    >
    > Thanks !
    hello

            ... i think there's two easy ways to prevent such situations:

            1) sudo - developpers can run programs as root, without becoming
            sys-admin ( it's very safe)
            
            2)you can create diffrent uid(0) gid(0) users (roots , eg.
            aroot, broot, croot..) and invigilate log file sulog.

            there's many,many other ways, but i think this is easy way to
            solve this prob.

    regards,

    -- 
    |Name.:.....................[Lukasz.Sztachanski]|
    |WWW..:.......[http://rudy.mif.pg.gda.pl/~szati]|
    |Mail.:............[szati<at>rudy.mif.pg.gda.pl]|
    
    



  • Next message: Murf: "Re: nis : how to avoid user1 becoming user2 using local root ?"

    Relevant Pages