From owner-freebsd-hackers Sun Feb 9 12:42:48 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id MAA07179 for hackers-outgoing; Sun, 9 Feb 1997 12:42:48 -0800 (PST) Received: from phaeton.artisoft.com (phaeton.Artisoft.COM [198.17.250.211]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id MAA07156 for ; Sun, 9 Feb 1997 12:42:37 -0800 (PST) Received: (from terry@localhost) by phaeton.artisoft.com (8.6.11/8.6.9) id NAA25201; Sun, 9 Feb 1997 13:38:16 -0700 From: Terry Lambert Message-Id: <199702092038.NAA25201@phaeton.artisoft.com> Subject: Re: NIS/uids To: W.Belgers@nl.cis.philips.com (Walter Belgers) Date: Sun, 9 Feb 1997 13:38:16 -0700 (MST) Cc: terry@lambert.org, freebsd-hackers@FreeBSD.ORG In-Reply-To: <199702071015.LAA03051@giga.lss.cp.philips.com> from "Walter Belgers" at Feb 7, 97 11:15:52 am X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-hackers@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > > > I have no "+" in my password file, only "+user", so you can only hack > > > those users, not the users that are only locally in my password file. So > > > it does give the desired protection. > > > > Do you do "+group" in the group file, as well? I suppose you have to... > > No, I don't mind wether or not all gids are in the group file. If a NIS > user is in group 999 which doesn't locally exists, so be it. What about groups 0 ("can su to root"), 2 ("can grope kernel memory"), or 4 ("can grope tty input"). Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers.