RE: NFS Security Question

From: Darren Moffat (Darren.Moffat@eng.sun.com)
Date: 08/13/01


Message-Id: <200108132121.f7DLLoB783162@jurassic.eng.sun.com>
Date: Mon, 13 Aug 2001 14:20:33 -0700 (PDT)
From: Darren Moffat <Darren.Moffat@eng.sun.com>
Subject: RE: NFS Security Question
To: molson@crystal.cirrus.com, rick.devey@unisys.com


>I would recommend that you remove the su command or remove root access
>altogether and use either rbac or sudo for the execution of root commands and
>not allow people to su to specific users. I currently don't allow any su

Don't remove su if you intend to use RBAC with roles since su is how
you assume a role.

You can also assign the privileged commands directly to the user and
give them one of the profile shells, but using roles is much easier to
manage and forces a conscious action on the user about what they are doing
as whom and why.

>access but use NFS for home directories. I give users the ability to
>execute commands as root with "sudo" but they never actually become root.
>So in your example Joe could never become bob but would still be able to do
>his job.

This assumes that you as an admin actually have control of all the
client machines; this might not be the case. In today's world of VPNs
and working from home it is quite likely that the client machine is in
the user's control, not the control of the same people who run the file servers.

The correct and only safe solution is to use Secure RPC with AUTH_DES (aka
AUTH_DH) or RPCSEC_GSS with Kerberos - see my other post for more details.

--
Darren J Moffat
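
A check that follows from the recommendation above, as an added example that is not part of the original message: this Python script flags shares in a Solaris-style /etc/dfs/dfstab that still accept AUTH_SYS or AUTH_NONE, where the server has no cryptographic proof of who the caller is. The sample dfstab lines, paths and function names are constructed for illustration; it assumes the `share_nfs` `sec=` option syntax and that `nfs` is the default file system type.

```python
import shlex

# Constructed sample of /etc/dfs/dfstab lines (not from the original message).
SAMPLE_DFSTAB = '''\
# home directories
share -F nfs -o rw -d "home dirs" /export/home
share -F nfs -o sec=dh,rw=engineering /export/src
share -F nfs -o sec=krb5:krb5i,rw,sec=sys,ro /export/docs
share -F nfs -o sec=krb5p,rw /export/payroll
share -F nfs /export/tmp
'''

# Modes with no cryptographic authentication of the caller.
UNAUTHENTICATED = {"sys", "none"}


def sec_modes(options):
    """Return the security modes named in a share -o option string."""
    modes = []
    for opt in options.split(","):
        if opt.startswith("sec="):
            modes.extend(m for m in opt[4:].split(":") if m)
    # With no sec= option at all, share_nfs falls back to AUTH_SYS.
    return modes or ["sys"]


def audit(dfstab_text):
    """Return [(path, weak_modes)] for NFS shares that accept unauthenticated callers."""
    findings = []
    for line in dfstab_text.splitlines():
        words = shlex.split(line, comments=True)
        if not words or words[0] != "share":
            continue
        flags, path, args = {"-F": "nfs", "-o": ""}, None, words[1:]
        while args:
            arg = args.pop(0)
            if arg in ("-F", "-o", "-d") and args:
                flags[arg] = args.pop(0)   # flag followed by its value
            else:
                path = arg                 # the shared pathname
        weak = sorted(set(sec_modes(flags["-o"])) & UNAUTHENTICATED)
        if flags["-F"] == "nfs" and path and weak:
            findings.append((path, weak))
    return findings


if __name__ == "__main__":
    for path, weak in audit(SAMPLE_DFSTAB):
        print(f"{path}: accepts {', '.join(weak)}; restrict to dh or krb5*")
```

A share that lists `sec=sys` alongside a stronger mode is still reported, because a client can choose the weaker flavor.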