Re: Directory permissions (keep root out)
From: Casper H.S. Dik (Casper.Dik_at_Sun.COM)
Date: 02/02/04
- Next message: Casper H.S. ***: "Re: Directory permissions (keep root out)"
- Previous message: Andre': "Password denied in some programs"
- Maybe in reply to: LEE Sau Dan: "Re: Directory permissions (keep root out)"
- Next in thread: Casper H.S. ***: "Re: Directory permissions (keep root out)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 02 Feb 2004 12:54:08 GMT
"D. Hampton Finger" <locnar@iat.utexas.edu> writes:
>We have thought about NFS mounting a directory from a more secure host
>and then instantiating "root-squash", but that still doesn't preclude
>using su to get in as one of the authorized users. Is there a group
>authenticator we could utilize that would make access to the directory
>dependant on not just a user name but a password?
I'm afraid that you cannot do that; even if you use crypto to protect the
content, the super user can still get at it by capturing keys and such.
Is it possible to license the system administrator under the
Export rules? Before we had some sort of blanket authorization to
use "US" crypto in most of our offices, I had a personal Crypto Export
license which allowed me to use and play with export restricted
software in the Netherlands.
Casper
-- Expressed in this posting are my opinions. They are in no way related to opinions held by my employer, Sun Microsystems. Statements on Sun products included here are not gospel and may be fiction rather than truth.
- Next message: Casper H.S. ***: "Re: Directory permissions (keep root out)"
- Previous message: Andre': "Password denied in some programs"
- Maybe in reply to: LEE Sau Dan: "Re: Directory permissions (keep root out)"
- Next in thread: Casper H.S. ***: "Re: Directory permissions (keep root out)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
