Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 14 May 2001 08:13:21 -0500
From:      Eric Anderson <anderson@centtech.com>
To:        freebsd-security@freebsd.org
Subject:   nfs mounts / su / yp
Message-ID:  <3AFFD9F1.EFB2B30E@centtech.com>

next in thread | raw e-mail | index | archive | help
I'm running FreeBSD client machines and mixed NFS servers.  My clients
nfs mount (or automount) the shares from the servers, and all are using
NIS for login/password authentication.  Home areas are NFS mounted
also.  My question is, if a user has (or gets) root on their desktop
machine (FreeBSD 4.x), it allows them to su to any NIS user, and have
access to anything as them, etc.. We often have users log in to other
users machines, and change desks, etc.  So I can't only allow one or two
users to log in to a particular box (this would be a nightmare, as I
have hundreds of machines to work with).  It's more like an su
restriction set that needs to be created.  Like, only certain users can
su to root.. and root can only su to the user that it originally su'd
from, if any.  I'm just curious what anyone else might be doign to solve
this problem, since it allows users to do dangerous things as other
users..


Thanks..
Eric



-- 
-------------------------------------------------------------------------------
Eric Anderson	 anderson@centtech.com    Centaur Technology    (512)
418-5792
The idea is to die young as late as possible.
-------------------------------------------------------------------------------

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3AFFD9F1.EFB2B30E>