Summary: NFS Security Issue

From: Thomas Vincent (thomasv@apple.com)
Date: Wed Apr 19 2000 - 16:27:20 CDT


Problem:
The network is made up of several Mac OS X and Sun machines. The suns are
using NIS, and the Mac OS X are using Netinfo (NeXT/Apple directory
service.) The users have root on there local workstation. They NFS mount
there home directories. How do I stop a userA from su - then su - userB and
getting into userB's home directory? Any ideas?

Solution:
The best suggestion was to create a wheel group. This means only people in
this group can su - to root. This is possible with a little fiddling.
The other good suggestion but not a option was to use Andrew File Services.

Do not export /export/home with root privs in your /etc/dfs/dfstab file.
(Didnt' try this one.)
Take advantage of NIS+ and Netgroups. Unfortunatley this environment is not
stable. So this wouldn't work.
Take away root. Not an option for me.

Thanks to:
Arthur Darren Dunham <add@netcom.com>
Salehi, Michael E <Mike.Salehi@usa.xerox.com>
Michael Stapleton <michael_stapleton@bigfoot.com>
John.Julian@galegroup.com
Matthew Fansher <fanshem@gcm.com>
Chad Graham <cag@cdicad.com>
Ronald Loftin <reloftin@syr.edu>
Brian Friday <bfriday@LaSierra.edu>
Ted Q. Tickell <tickell@spypad.org>
David Ledger <dledger@ivdcs.demon.co.uk>
Imre Kolos <Imre.Kolos@eth.ericsson.se>
Richard Mitchell <mitchell@osb1.wff.nasa.gov>

--
Cheers,
Thomas Vincent

------------------------------------------- Thomas Vincent | Apple Computer - IS&T | thomasv@apple.com | http://www.apple.com |



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:14:06 CDT