Hi, i'm back,
my original question was:
>>I have to export (rw) filesystems to machines (Sparcs, SunOS 4.1.1, NIS),
>>that may have root passwords flying around the house.
>>Does anyone have an idea to stop someone from
>>root# su user (no password necessary,NIS)
>>root# more /nfs/user/secret_mystery
>>
>>or is the answer just: no, don't export!
One answer is: use secure rpc and export/mount filesystems with
the option secure.
This way (when someroot su'd you on a client, meaning not
having come via login and giving your password) bad/wo/man has to supply
a password with the keylogin command.
The traditional NFS-mount lets badroot do anything with goody_user files
(dispite the difficulties of being mapped to nobody
with no -root option in /etc/exports)
Else: get all the root-passwords and change them!
Thanks for the help of:
trr@LPI.LIANT.COM
gdmr@LFCS.EDINBURGH.AC.UK
mlg@CSSPARC1.CSTP.UMKC.EDU
chip@ALLEGRA.ATT.COM
dan@BREEZE.BELLCORE.COM
datri@CONCAVE.CONVEX.COM
mnl@idtsun1.e-technik.th-darmstadt.de
brendan@CS.WIDENER.EDU
kevinmac@LL.MIT.EDU
doug@PERRY.BERKELEY.EDU
lee@SQ.COM
hanson@CALVIN.FNAL.GOV
oconnor!miker@ODDJOB.UCHICAGO.EDU
jay@PRINCETON.EDU
aardvark@marvin.prime.com
stern@EAST.SUN.COM
andys@ULYSSES.ATT.COM
dupuy@HUDSON.CS.COLUMBIA.EDU
mdh20@DA.AMDAHL.COM
j.h.
======================================================================
== J. Holzfuss bitnet: xphyhofu@ddathd21.bitnet ==
== IAP, TH Darmstadt internet: hofu@gauguin.th-darmstadt.de ==
== Schlossgartenstr.11 voice: +/49-6151-162884 ==
== 6100 Darmstadt, FRG ==
== ==
(!)
If I let go a hammer on a planet having a positive gravity,
I need not see it fall to know that it has, in fact, fallen.
-- Spock, "Court Martial," stardate 2948.9.
======================================================================
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:06:13 CDT