Re: Ldap authentication and NFS mounts
- From: "J.O. Aho" <user@xxxxxxxxxxx>
- Date: Tue, 27 Feb 2007 18:19:49 +0100
linuxnewbie1234 wrote:
> The problem is that in Linux, the root of each machine can just do "su"
> to become whatever other user, and see the home of whatever other user
> from the MacOsX fileserver mount! This is not what we want.
Remove su from the machine (bad idea IMHO).
I don't see the point in worrying about that. If you worry that users will
single user boot, then password protect the boot loader.
> Note that for now we were only able to do the mount of the homes in
> linux machines *statically*, that is, with an entry in fstab which
> mounts all the homes together, and not user-by-user at the moment of
> login. Is our vulnerability only caused by this or would it exist anyway?
If you export /home, then you get everything. You would need to export
each user directory by itself and then rewrite the login manager to
mount the remote directory to the local, but your fstab would get quite
big the more users you would have.
I do not see the problem. If you want to lock out other users from a
user's home directory, then change the privileges so that only the user
in question can access it (chmod 700 /home/*). Keep in mind that the
file systems used in Linux (Mac OSX, Unix) are made with multiuser usage
in mind.
--
//Aho
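
The `chmod 700 /home/*` suggestion above, turned into a check that can be run before and after the change (an added example, not part of the original post). The function names and the default root of `/home` are assumptions; it covers access by other ordinary users only, not the root "su" case raised in the question.

```shell
#!/bin/sh
# Added example: audit and tighten home directory modes.
# Source this file, then call: audit_homes /home ; lock_homes /home
# Assumption: one directory per user directly under the given root.
# Limitation: directory names containing newlines are not handled.

# Print "<mode string> <path>" for every directory directly under $1
# that grants any permission to group or other.
audit_homes() {
    root=${1:-/home}
    for d in "$root"/*; do
        [ -d "$d" ] || continue     # skip plain files and an unmatched glob
        [ -L "$d" ] && continue     # skip symlinks; audit the real target instead
        # First 10 characters of ls -l output: type plus rwx triplets.
        perms=$(ls -ld -- "$d" | cut -c1-10)
        case $perms in
            d???------) ;;          # owner-only already, nothing to report
            *) printf '%s %s\n' "$perms" "$d" ;;
        esac
    done
}

# Strip group/other access from every directory audit_homes reports.
# For a normal rwx home this gives the same result as the post's chmod 700.
lock_homes() {
    root=${1:-/home}
    audit_homes "$root" | while read -r _ path; do
        chmod go-rwx -- "$path"
    done
}
```

Running `audit_homes` again after `lock_homes` should print nothing; any remaining line points at a directory whose mode could not be changed.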