I came across a intresting problem and I need
help in this regard.
I initialised a machine as NIS+client ( with only
information of domain-name and NIS+ Server
address ..in fact address is also not needed).
Because of default read only permission for NIS+
maps to group others the unauthenticated client
gets all the maps information.
Now root on this unauthenticated machine can "su"
to any user of the network. Simplest solution to
this problem is not to have read permission to
group others for the NIS+ maps but in this case
old NIS clients can not be part of the NIS+
network as they rely on the read only permission.
I need help to prevent root to do "su" to some
other user or atleast should be prompted for the
user's password the same way user gets promt for
root password for "su" command.
Sent via Deja.com