Re: nis : how to avoid user1 becoming user2 using local root ?
From: [Lukasz.Sztachanski] (szati_at_rudy.mif.pg.gda.pl)
Date: 03/27/04
- Previous message: Christoph Moench-Tegeder: "Re: nis : how to avoid user1 becoming user2 using local root ?"
- In reply to: Frédéric Médery: "nis : how to avoid user1 becoming user2 using local root ?"
- Next in thread: Murf: "Re: nis : how to avoid user1 becoming user2 using local root ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 27 Mar 2004 20:16:56 +0100 To: focus-linux@securityfocus.com
> our situation :
> All linux servers, all nfs share use the root_squash option.
> We're using NIS
> All developpers can become root on their local machines.
>
> The prob : if user1 do a `su -` on their station. And then, `su user2`
> they can become user2.
>
> For me it's a huge problem (windows don't have this prob, local admin
> are very different from domain/server admin) is there a way to avoid
> this prob ?
>
> Thanks !
hello
... i think there's two easy ways to prevent such situations:
1) sudo - developpers can run programs as root, without becoming
sys-admin ( it's very safe)
2)you can create diffrent uid(0) gid(0) users (roots , eg.
aroot, broot, croot..) and invigilate log file sulog.
there's many,many other ways, but i think this is easy way to
solve this prob.
regards,
-- |Name.:.....................[Lukasz.Sztachanski]| |WWW..:.......[http://rudy.mif.pg.gda.pl/~szati]| |Mail.:............[szati<at>rudy.mif.pg.gda.pl]|
- application/pgp-signature attachment: stored
- Previous message: Christoph Moench-Tegeder: "Re: nis : how to avoid user1 becoming user2 using local root ?"
- In reply to: Frédéric Médery: "nis : how to avoid user1 becoming user2 using local root ?"
- Next in thread: Murf: "Re: nis : how to avoid user1 becoming user2 using local root ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
