Re: Security Configuration Settings?

From: James Lick (jlick_at_drivel.com)
Date: 09/23/04

  • Next message: Gregory Hicks: "Re: Security Configuration Settings?" 
    Date: Thu, 23 Sep 2004 13:59:56 +0800

    El C0chin0 wrote:

    >On the above mentioned page under "Access Controls" section 4 'Only add accounts for users who require access to the system. If using NIS, use the compat mode by editing the /etc/nsswitch.conf file:
    >
    >passwd: compat'
    >
    >I don't understand and haven't been able to find anything related to what describes 'compat'. Can any one provide me with why it is a good measure to change this from 'files' to 'compat' and what other changes may be necessary or what exactly is the difference?
    >
    >

    The compat keyword means that the passwd file emulates that behavior in
    SunOS 4.x where you could use NIS as your nameservice, but list in your
    /etc/passwd file which users and netgroups are included or excluded via
    lines starting with + or -. Normally when using NIS, anyone in the name
    service can log into the system. This is not a good idea when you want
    to restrict access to only a small set of people.

    The usual alternative is to not use NIS and manually add in the users
    you want. This has some management issues such as user ids and
    passwords not being consistent, and makes it harder to ensure you remove
    someone's access completely if their employment ends. With compat mode
    you can create a netgroup of users in NIS and just include that netgroup
    with one line in your passwd file, or you can add or bar people by
    username so that their NIS entry is used and a separate passwd entry is
    not needed, and they lose access once they are removed from NIS.

    For more information:

    man -s 4 nsswitch.conf
    man -s 4 passwd 

    -- 
James Lick -- 黎建溥 -- jlick@jameslick.com -- http://jameslick.com/
  • Next message: Gregory Hicks: "Re: Security Configuration Settings?"

    Relevant Pages