From: RA Cohen
To: freebsd-questions@freebsd.org
Date: Tue, 18 Dec 2007 10:36:40 -0800 (PST)
Subject: NIS Linux - Ubuntu
Message-ID: <615143.82582.qm@web54207.mail.re2.yahoo.com>

I've read most of what is out there on NIS - Linux interoperability. Unfortunately, nothing explains what we encountered on a FreeBSD 6.2 machine running NFS and NIS:

1. FreeBSD clients work as advertised, they interpret the password maps correctly; we export the server's /usr/home filesystem and users' home directories are automatically easily available.

2. "...just installed a clean Ubuntu 7.10 (newest) and set up NIS and he's STILL able to log in as ANY user without a password and can access their network drive when it's mounted"

Number 2 above scared the living daylights out of me. I checked permissions on the /usr/home directories, all set to 770 (each user is in their own group). The Ubuntu client could still walk all over this filesystem. Let me be clear: any valid username (as exported by the NIS maps) was authenticated with any password. Somehow Ubuntu was given root user permissions no matter what user was logged in.

When we changed the /var/yp/Makefile to create maps with an 'x' instead of an '*' this fixed the problem but also resulted in no valid logins from the Ubuntu clients at all. And I have not checked the FreeBSD client machines to see how they deal with the 'x' in the password map but that doesn't matter; what concerns me is how Ubuntu was given free access over the filesystem... That makes NIS unusable in our environment (a public high school) because what about Macs? and other Linux-type clients?

Can anyone shed a clue on what is occurring here? Seems like a dangerous hole in FBSD's NIS implementation. I know, I should move to Kerberos/LDAP but that realistically cannot happen until the summer.

Thank you in advance for your help!

RA Cohen