SUMMARY: SU to any user as root

From: Andrew Watkins (
Date: Thu Sep 19 1996 - 11:06:03 CDT


My question was:

> We all know the security problems of a Root user
> on any workstation su'ing to another user on your
> network and accessing there files (or by adding
> entries to /etc/passwd)
>But I thought that moving to NIS+ would block this security
>hole. Is this correct?

Well I had a mixture of answers and it is unclear if it can be solved.
I have tried using NIS+ and secureNFS, but without any luck, which is
what one person suggested. But it may be I was doing it incorrectly.
I will try again at a later date.

It looks like Kerberos is the correct answer, but without the software and
kerberos application I can not try it.

It was also suggested that I should use "sudo" and not give the Root
password to anyone, but this is not the point, plus in a University
it is impossible [The people who have obtained the money want complete
control of that machine and also want to be connected to the network for NFS].

All I have to say is that if you are automounting home directories to
all workstations, your users files are in danger from a root attack
if some one breaks in!!

I guess the solution is that you must make sure ALL workstations
all completely secure and not just your servers.

Thanks to all who replied:


Andrew Watkins

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:10 CDT