No matter what you do, even if you have some sort of system where users
must do extra authentication, the ability to become root ruins it. If
Tom and Jerry are both logged in at once, then Jerry can become root
and trace Tom's processes and/or modify their operation (perhaps with a
debugger). Or, Jerry could install (while root) a kernel patch to
cause Tom's processes to become Jerry's and suddenly have their output
appear on the tty of his choice.
> I have a server let us say A and a client B.
> Solaris 2.8 and NIS installed.
> I have some NIS accounts. Let us say Tom and Jerry.
> Either knows the root password on the client B.
> A filesystem /users is shared from A and automounted on the client.
> Now Tom is able to give the command su - Jerry on the client without
> The problem is that Tom can destroy everything in Jerry's home directory.
> How is it possible to make the client more secure?
> I will let the possibility either for Tom or Jerry to connect on the client
> and work in their own directory.
If they need root access for certain operations, consider rbac or sudo.
"rbac" = "RBAC" = "Role-Based Access Control", or something like that.
i wish to use automountd but have a question about how to have the
automounted directory to be read-only when the disk that mount sits is
i have a large local partition (/dev/hda2) mounted read-write on /export
which has the following
i intend those dirs to be automounted as:
/export/opt on /opt
/export/home on /home
however, because the home directories of the local users are on this
disk, i need /dev/hda2 mounted as read-write, but i would like a way to
have the other two mount points, when automounted, to be read-only. is
there a way to do this?
the automount cfg is as follows:
* -ro,soft :/export/opt/&
when anything is automounted onto /opt (such as /opt/gnome), it appears
that i am still able to write /opt/gnome and indeed 'mount' reports that
/opt/gnome/ is mounted rw.
i'm using autofs 3.1.7 on a 2.4.19 box with glibc 2.2.5 if that's of any
additionally, is it correct for the automount point (ie /opt in my case)
to only list the dirs that have been automounted?
any thoughts would be appreciated
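
A check for the situation described in the post above, where the map entry says -ro but 'mount' reports rw. This is an added example, not part of the original thread: it lists the mount points below a directory whose effective options lack `ro`. The function names and the sample table (including /opt/kde, /optical and the autofs option string) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report mount points below a directory
# that are not read-only. Input is in /proc/mounts format:
#   device mountpoint fstype options dump pass

# rw_mounts_under DIR [TABLE]   TABLE defaults to /proc/mounts, "-" = stdin
rw_mounts_under() {
    prefix=${1%/}
    table=${2:-/proc/mounts}
    awk -v p="$prefix" '
        # Only entries strictly below DIR: /opt/gnome matches, /optical does not.
        index($2, p "/") == 1 {
            if (!($2 in ro)) order[++n] = $2
            # A later line for the same mount point shadows earlier ones.
            ro[$2] = 0
            k = split($4, opt, ",")
            for (i = 1; i <= k; i++) if (opt[i] == "ro") ro[$2] = 1
        }
        END { for (i = 1; i <= n; i++) if (!ro[order[i]]) print order[i] }
    ' "$table"
}

# Constructed sample table modelled on the setup in the post.
sample_table() {
    cat <<'EOF'
/dev/hda2 /export ext3 rw 0 0
automount(pid412) /opt autofs rw,fd=5,pgrp=412,minproto=2,maxproto=3 0 0
/dev/hda2 /opt/gnome ext3 rw 0 0
/dev/hda2 /opt/kde ext3 ro 0 0
/dev/hdb1 /optical ext3 rw 0 0
EOF
}

# Demo on the sample; on a live host run: rw_mounts_under /opt
sample_table | rw_mounts_under /opt -
```

Run from cron or a boot script, any output means a mount that the map intends to be read-only is writable in practice.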