Date:      Tue, 4 Feb 1997 11:10:35 +0100 (MET)
From:      W.Belgers@nl.cis.philips.com (Walter Belgers)
To:        freebsd-hackers@freebsd.org
Subject:   NIS/uids
Message-ID:  <199702041010.LAA27440@giga.lss.cp.philips.com>

Hi,

I hope this is the right place to tell my story.

I run FreeBSD 2.1.5. On my system are a bunch of local users but I also
have users from the NIS database on another system (an HP). In my
password file the users are defined as follows:

+user::::::::/home/john:/usr/local/bin/tcsh

So I override the homedir and shell.

The problem now is that the security on my system has become dependent
on that of the NIS server. If I am root on the NIS server I can change
the uid of "user" into any user including root and make use of it on my
system. Even if you can only become root using su you can easily first
become a user in wheel and then root.

The obvious solution is to override the uid in the password file:

+user::1234:1234:::::/home/john:/usr/local/bin/tcsh

But now I have another problem... the userid is not mapped to the
username any more.

1) 

[~] root@giga> grep user /etc/master.passwd
+user::::::::/home/john:/usr/local/bin/tcsh
[~] root@giga> ypmatch user passwd
user:$1xOC/SMM4ss.:1234:1234:John Doe:/home/john:/usr/local/bin/tcsh
[~] root@giga> su - user
[~] user@giga> id
uid=1234(user) gid=1234 groups=1234

2) 

[~] root@giga> grep user /etc/master.passwd
+user::1234:1234:::::/home/walter:/usr/local/bin/tcsh
[~] root@giga> ypmatch user passwd
user:$1xOC/SMM4ss.:1234:1234:John Doe:/home/john:/usr/local/bin/tcsh
[~] root@giga> su - user
[~] user@giga> id
uid=1234 gid=1234 groups=1234

The fact that "user" now is only known as uid 1234 and not as user
"user" gives rise to a lot of problems.

Is this a bug or am I overlooking something?

Walter.
-- 
Ir. W.H.B. Belgers, Internet Security Specialist        phone: +31 40 2782753
Origin IT Syst.Man. /Nederland bv, Bldg VN-513   email:   fax: +31 40 2784697
P.O. Box 218, 5600 MD Eindhoven, Netherlands     W.Belgers@nl.cis.philips.com
non-business-email: walter@giga.nl   -web: http://www.IAEhv.nl/users/gigawalt
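
Added example, not part of the original message: a small Python audit that lists which "+name" entries in a master.passwd still take their uid or gid from the NIS map, the trust dependency the post describes. The function names and sample records are constructed for illustration, and the merge rule (a non-empty local field replaces the NIS field) is modelled on the behaviour shown in the post.

```python
# master.passwd has ten colon-separated fields; the NIS passwd map has seven.
FIELDS = ("name", "passwd", "uid", "gid", "class", "change",
          "expire", "gecos", "home", "shell")
NIS_FIELDS = ("name", "passwd", "uid", "gid", "gecos", "home", "shell")

def parse_plus_entries(text):
    """Map each '+name' line to its non-empty (locally overridden) fields."""
    entries = {}
    for line in text.splitlines():
        if not line.startswith("+") or line.startswith("+@"):
            continue  # local accounts and netgroup entries are out of scope here
        parts = line.split(":")
        parts += [""] * (len(FIELDS) - len(parts))
        rec = dict(zip(FIELDS, parts))
        name = rec.pop("name")[1:]  # "" means the bare "+" wildcard
        entries[name] = {k: v for k, v in rec.items() if v}
    return entries

def effective(overrides, nis_line):
    """Merge one NIS record with local overrides; a non-empty local field wins."""
    rec = dict(zip(NIS_FIELDS, nis_line.split(":")))
    rec.update(overrides)
    return rec

def audit(master_text, nis_lines):
    """Report imported accounts whose uid or gid is still chosen by the NIS server."""
    entries = parse_plus_entries(master_text)
    findings = []
    for nis_line in nis_lines:
        name = nis_line.split(":", 1)[0]
        overrides = entries.get(name, entries.get(""))
        if overrides is None:
            continue  # this NIS user is not imported on this host
        unpinned = [f for f in ("uid", "gid") if f not in overrides]
        if unpinned:
            rec = effective(overrides, nis_line)
            # uid 0 is root; gid 0 is wheel on FreeBSD
            level = "critical" if "0" in (rec["uid"], rec["gid"]) else "warn"
            findings.append((name, unpinned, rec["uid"], rec["gid"], level))
    return findings

# Constructed sample data: the first line is the entry from the post, the rest is made up.
SAMPLE_MASTER = ("+user::::::::/home/john:/usr/local/bin/tcsh\n"
                 "+alice::1234:1234:::::/home/alice:/bin/sh\n")
SAMPLE_NIS = ["user:*:0:0:John Doe:/home/john:/usr/local/bin/tcsh",
              "alice:*:0:0:Alice:/home/alice:/bin/sh"]

if __name__ == "__main__":
    for finding in audit(SAMPLE_MASTER, SAMPLE_NIS):
        print(finding)
```

In the sample, only "user" is reported: its uid and gid follow whatever the NIS map says, while "alice" keeps the locally pinned 1234 even though the constructed map claims 0.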


