FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 04-18-2008, 12:24 PM
George Borisov
 
Default Nis problem

Arvind Marathe wrote:

On Fri, Apr 18, 2008 at 5:03 PM, Eduardo M KALINOWSKI <ekalin@gmail.com> wrote:

Stephane Durieux wrote:
> Hello
>
> I am encountering a problem with a nis server.
> Local root on client can do su user without giving the password
> of the user.
>
> root squashing is enabled.
>
> What can I do


<-snip->


I am facing the same problem and haven't found any solution.


As far as I know, there isn't a solution. NIS+NFS is an easy setup at
the expense of offering no real security.


NFS design assumes that client's root user can be trusted. As long as
you have root on the client machine, you have access to the user files
on the NFS export. This is the same with, or without NIS.


Basically, NFS takes the numeric UID the client supplies and matches it
against permissions on the files. The only exception is the "root
squash" option which takes UID 0 (root) and remaps it to a guest account
with no access.


Using LDAP instead of NIS may be the solution, but I don't have any
practical experience with this.



Hope this helps,

George.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 

Thread Tools




All times are GMT. The time now is 04:14 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org