My question was:
> We all know the security problems of a Root user
> on any workstation su'ing to another user on your
> network and accessing there files (or by adding
> entries to /etc/passwd)
>But I thought that moving to NIS+ would block this security
>hole. Is this correct?
Well I had a mixture of answers and it is unclear if it can be solved.
I have tried using NIS+ and secureNFS, but without any luck, which is
what one person suggested. But it may be I was doing it incorrectly.
I will try again at a later date.
It looks like Kerberos is the correct answer, but without the software and
kerberos application I can not try it.
It was also suggested that I should use "sudo" and not give the Root
password to anyone, but this is not the point, plus in a University
it is impossible [The people who have obtained the money want complete
control of that machine and also want to be connected to the network for NFS].
All I have to say is that if you are automounting home directories to
all workstations, your users files are in danger from a root attack
if some one breaks in!!
I guess the solution is that you must make sure ALL workstations
all completely secure and not just your servers.
Thanks to all who replied:
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:10 CDT