RE: NFS Security Question
From: Devey, Rick J. (rick.devey@unisys.com)Date: 08/13/01
- Previous message: Chuck Davis: "Re: NFS Security Question"
- Maybe in reply to: McGee Olson: "NFS Security Question"
- Next in thread: Hal Flynn: "Re: NFS Security Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <245F259ABD41D511A07000D0B71C4CBA58F5E5@us-slc-exch-3.slc.unisys.com> From: "Devey, Rick J." <rick.devey@unisys.com> To: "'McGee Olson'" <molson@crystal.cirrus.com> Subject: RE: NFS Security Question Date: Mon, 13 Aug 2001 15:28:32 -0500
I would recommend that you remove the su command or remove root access all
together and use either rbac or sudo for the execution of root commands and
not allow people to su to specific users. I currently don't allow any su
access but use NFS for home directories. I give users the ability to
execute commands as root with "sudo" but they never actually become root.
So in you example Joe could never become bob but would still be able to do
his job.
Rick Devey
UNISYS Global Outsourcing
Unix System Analyst
480 N. 2200 West
Salt Lake City, UT 84116-0800
801-594-5802
mailto:rick.devey@unisys.com
www.unisys.com
>
> McGee Olson <molson@crystal.cirrus.com> wrote asking:
>
> >So, the scenario goes like this. You have two users "joe" and "bob".
> >You have two machines "foo" and "bar". "foo" and "bar" both satisfy
> >(3) and (4) above, and each has a different root password. "joe" has
> >root on "foo", and "bob" has root on "bar". "joe" logs in as root on
> >"foo", and then he executes the line "su - bob". Now, "joe" is logged
> >in as "bob" and has all the permissions associated with the "bob"
> >account.
> >
> >Is there anyway to stop this from happening?
- Previous message: Chuck Davis: "Re: NFS Security Question"
- Maybe in reply to: McGee Olson: "NFS Security Question"
- Next in thread: Hal Flynn: "Re: NFS Security Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
