Hosting Provided By

Re: NIS with local root

From: Brian Hatch <focus-linux(at)ifokr.org>
Date: Thu Jan 30 2003 - 17:46:55 EST

> but surely in such a situation where NIS and NFS is employed -- you won't be
> giving out root passwords to normal untrusted users anyway?!

I dissagree. Every place I've worked that had NIS and NFS would allow the developers to have root on their machine for administration purposes. In my opinion all other admins and developers are untrusted users. But they never thought through the home directory ramifications.

I always kept a skeleton home directory on my machine and exported it read only to the other boxes, and had my real home directory only available from my machine.

A heck of a lot more work to maintain it that way, but that's the price of security in that kind of environment.

--
Brian Hatch                  Why are a 'wise man'
   Systems and                and a 'wise guy'
   Security Engineer          opposites?
http://www.ifokr.org/bri/

Every message PGP signed

application/pgp-signature attachment: stored

Received on Thu Jan 30 18:23:30 2003

This message: [ Message body ]
Next message: Brent J. Nordquist: "Re: NIS with local root"
Previous message: Charles Clancy: "Re: NIS with local root"
In reply to Kevin Jackson: "Re: NIS with local root"
Next in thread: Brent J. Nordquist: "Re: NIS with local root"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:19 EDT

Do you need help?