In <1qm4neINNlr3@sbusol.rz.uni-sb.de> email@example.com (Alexander Bachmann) writes:
>We don't remove remove the NIS passwd entries for users with -user
>(or -@netgroup) because this will cause trouble with email, when a
>user is not known on the mail-server.
I have successfully broken into (my own) machines this way. Create a .forward
with something like '|xterm -display machine_I_can_use:0' in it and then send
yourself some mail. With NFS disks, it's easy to create .forwards on other
If you do go with the '-@netgroup' option, make sure local mail sent out has
full hostnames so that when a user on a restricted machine replies to mail from
a restricted user it won't be a local delivery to the restricted machine. Or
use a central mailhost/MX stuff and deliver all mail on one machine only.
(Did that make sense?)
-- | "Those who suppress freedom always Rob Quinn | | do so in the name of law firstname.lastname@example.org | | and order." --John Lindsay QuinnBob@KSUVM.BITNET |
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:07:45 CDT