Re: nis : how to avoid user1 becoming user2 using local root ?
From: Brian Hatch (bri_at_ifokr.org)
Date: 03/28/04
- Previous message: Nick Lopez: "Re: nis : how to avoid user1 becoming user2 using local root ?"
- In reply to: Frédéric Médery: "nis : how to avoid user1 becoming user2 using local root ?"
- Next in thread: Daniel Souza: "Re: how to avoid user1 becoming user2 using local root ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 27 Mar 2004 17:03:24 -0800
To: Frédéric Médery <mederyf@LEXUM.UMontreal.CA>
> All Linux servers, all NFS shares use the root_squash option.
> We're using NIS
> All developers can become root on their local machines.
>
> The prob : if user1 does a `su -` on their station. And then, `su user2`
> they can become user2.
>
> For me it's a huge problem (Windows doesn't have this prob, local admins
> are very different from domain/server admins) is there a way to avoid
> this prob ?

Nope. Not with NFS. NFS uses a 'trust the client' security model.
If you give users the ability to become root on their machines,
they can become any user locally, and can access the NFS server as
that user.

Later versions of NFS hope to address this problem. Or you can
try alternate mounting options, such as afs, or even smbmount.

--
Brian Hatch                  Lord, save me
   Systems and               from your followers.
   Security Engineer
http://www.ifokr.org/bri/

Every message PGP signed
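
An added example, not part of the original message or thread: a small Python audit of an exports(5) file that lists the exports where the server accepts whatever UID the client asserts, which is the situation the reply above describes. The sample file, host names and finding labels are constructed; the `sec=` and `all_squash` options come from exports(5) rather than from the thread, and quoted paths and line continuations are not handled.

```python
import re

# Constructed sample in exports(5) syntax; paths and host names are made up.
SAMPLE_EXPORTS = """\
# home directories for developer workstations
/home      *.dev.example.org(rw,root_squash)
/srv/build 192.0.2.0/24(rw,sec=krb5p) buildhost(rw,no_root_squash)
/pub       *(ro,all_squash)
"""

# One client entry: "host(opt,opt,...)" or a bare "host" with default options.
CLIENT = re.compile(r"([^()]*)(?:\(([^)]*)\))?")

def audit_exports(text):
    """Return (path, client, finding) for exports that honour client-asserted UIDs."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # '#' starts a comment
        if not line:
            continue
        parts = line.split(None, 1)
        path = parts[0]
        clients = parts[1].split() if len(parts) > 1 else [""]
        for token in clients:
            match = CLIENT.fullmatch(token)
            if match is None:
                continue                          # malformed entry, skipped here
            host = match.group(1) or "*"          # no host means any client
            opts = [o for o in (match.group(2) or "").split(",") if o]
            # With no sec= option the flavor is "sys": the UID in each
            # request is whatever the client machine says it is.
            flavors = ["sys"]
            for opt in opts:
                if opt.startswith("sec="):
                    flavors = opt[4:].split(":")
            if "sys" not in flavors:
                continue                          # Kerberos flavors authenticate the user
            if "all_squash" in opts:
                continue                          # every UID is mapped to the anonymous user
            if "no_root_squash" in opts:
                findings.append((path, host, "uid-and-root-trusted"))
            else:
                # root_squash only remaps UID 0; any other asserted UID is used as-is.
                findings.append((path, host, "uid-trusted"))
    return findings

if __name__ == "__main__":
    for path, host, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"{path:12} {host:22} {finding}")
```

Every `uid-trusted` line is an export where a user with local root on an allowed client can act as any non-root account, regardless of root_squash.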