Hi, i'm back,
my original question was:
>>I have to export (rw) filesystems to machines (Sparcs, SunOS 4.1.1, NIS),
>>that may have root passwords flying around the house.
>>Does anyone have an idea to stop someone from
>>root# su user (no password necessary,NIS)
>>root# more /nfs/user/secret_mystery
>>or is the answer just: no, don't export!
One answer is: use secure rpc and export/mount filesystems with
the option secure.
This way (when someroot su'd you on a client, meaning not
having come via login and giving your password) bad/wo/man has to supply
a password with the keylogin command.
The traditional NFS-mount lets badroot do anything with goody_user files
(dispite the difficulties of being mapped to nobody
with no -root option in /etc/exports)
Else: get all the root-passwords and change them!
Thanks for the help of:
== J. Holzfuss bitnet: email@example.com ==
== IAP, TH Darmstadt internet: firstname.lastname@example.org ==
== Schlossgartenstr.11 voice: +/49-6151-162884 ==
== 6100 Darmstadt, FRG ==
If I let go a hammer on a planet having a positive gravity,
I need not see it fall to know that it has, in fact, fallen.
-- Spock, "Court Martial," stardate 2948.9.
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:06:13 CDT