Summary: NFS Security Issue

From: Thomas Vincent (
Date: Wed Apr 19 2000 - 16:27:20 CDT

The network is made up of several Mac OS X and Sun machines. The suns are
using NIS, and the Mac OS X are using Netinfo (NeXT/Apple directory
service.) The users have root on there local workstation. They NFS mount
there home directories. How do I stop a userA from su - then su - userB and
getting into userB's home directory? Any ideas?

The best suggestion was to create a wheel group. This means only people in
this group can su - to root. This is possible with a little fiddling.
The other good suggestion but not a option was to use Andrew File Services.

Do not export /export/home with root privs in your /etc/dfs/dfstab file.
(Didnt' try this one.)
Take advantage of NIS+ and Netgroups. Unfortunatley this environment is not
stable. So this wouldn't work.
Take away root. Not an option for me.

Thanks to:
Arthur Darren Dunham <>
Salehi, Michael E <>
Michael Stapleton <>
Matthew Fansher <>
Chad Graham <>
Ronald Loftin <>
Brian Friday <>
Ted Q. Tickell <>
David Ledger <>
Imre Kolos <>
Richard Mitchell <>

Thomas Vincent

------------------------------------------- Thomas Vincent | Apple Computer - IS&T | | |

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:14:06 CDT