Date: Mon, 14 May 2001 14:58:08 -0400 (Eastern Daylight Time) From: Forrest Houston <fhouston@east.isi.edu> To: Eric Anderson <anderson@centtech.com> Cc: Erik Trulsson <ertr1013@student.uu.se>, "Oulman, Jamie" <JOulman@iphrase.com>, "'freebsd-security@freebsd.org'" <freebsd-security@freebsd.org> Subject: Re: nfs mounts / su / yp Message-ID: <Pine.WNT.4.10.10105141453270.-559341@rosencrantz.east.isi.edu> In-Reply-To: <3B00295D.24643CD7@centtech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I agree w/ Erik (w/ the k) in that some sort of automounting of the user's individual home directory is needed. However since we have a variety of machines (pretty much all flavors of Unix except HP) here we need something that can be used pretty much across all platforms and is of course easy to support... So far I haven't found anything yet, but it's become a back burner issue so I haven't looked for anything in years either :( Always looking for hints, clues, suggestions though ;) Forrest On Mon, 14 May 2001, Eric Anderson wrote: > Well, I think the problem is that a local root should mean only local > root access, and su should not allow you to su to non-local users (ie, > NIS users). Forrest, you have it close to what I am troubling with. I > have users that WILL get root on their desktop machines, one way or the > other. These users log into others machines (which is needed, and > acceptable).. The problem is simply how do you stop root from su'ing to > another user? (and deleting the binary is not an answer, since > downloading and/or compiling your own is simple enough).. > > Eric > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.WNT.4.10.10105141453270.-559341>