Re: About how to protect network resources in LDAP environment?
I guess root_squash is to prevent local root from doing rm /home/user2 on NFS
(root_squash is default in /etc/exports?)
but it cannot prevent a user from doing su - user2 and then doing damage.
Yuan Ho wrote:
Have you tried root_squash (export option)?
Yuan G. Ho
On Fri, Aug 27, 2010 at 11:06 AM, Min Wang <firstname.lastname@example.org
Hi Security Gurus:
I have the following setup:
Multiple Linux PCs use OpenLDAP to authenticate, and mount /home to
The goals are:
(1) Each user has the root passwd of their own Linux PC, and can
do whatever they want on their own Linux PC
(2) but cannot damage any other network resources, e.g. rm
files on the NFS server.
The issue is:
on NFS server, there are: /home/user1, /home/user2 etc
user1 has root pw on its own Linux PC1,
user2 has root pw on its own Linux PC2
user1 can log in as local root on Linux PC1,
Even though as root, user1 can not rm /home/user2,
but he can su - user2 on Linux PC1 then rm something.
Any idea how to do it without giving up (1)?
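
The behaviour discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of how a Linux NFS server using AUTH_SYS applies the squash export options to the UID and GID a client sends. The UIDs, directory mode and function names are constructed for illustration; supplementary groups and ACLs are left out.

```python
# Added example: simplified model of NFS squash options under AUTH_SYS.
# All names and sample values are constructed; not code from the thread.
ANON = 65534  # default anonuid/anongid per exports(5)

def parse_options(opts):
    """Parse an /etc/exports option string such as 'rw,root_squash'."""
    cfg = {"root_squash": True, "all_squash": False, "anonuid": ANON, "anongid": ANON}
    for opt in filter(None, (o.strip() for o in opts.split(","))):
        if opt in ("root_squash", "all_squash"):
            cfg[opt] = True
        elif opt in ("no_root_squash", "no_all_squash"):
            cfg[opt[3:]] = False
        elif opt.startswith(("anonuid=", "anongid=")):
            key, value = opt.split("=", 1)
            cfg[key] = int(value)
    return cfg

def squash(cfg, uid, gid):
    """Return the (uid, gid) the server acts as for a client-asserted identity."""
    if cfg["all_squash"]:
        return cfg["anonuid"], cfg["anongid"]
    if cfg["root_squash"]:
        uid = cfg["anonuid"] if uid == 0 else uid
        gid = cfg["anongid"] if gid == 0 else gid
    return uid, gid

def may_write(cfg, client_uid, client_gid, owner_uid, owner_gid, mode):
    """Owner/group/other write check on the server, applied after squashing."""
    uid, gid = squash(cfg, client_uid, client_gid)
    if uid == 0:
        return True  # only reachable with no_root_squash
    if uid == owner_uid:
        return bool(mode & 0o200)
    if gid == owner_gid:
        return bool(mode & 0o020)
    return bool(mode & 0o002)

# Constructed scenario: /home/user2 is owned by uid/gid 1002, mode 0700.
HOME_USER2 = dict(owner_uid=1002, owner_gid=1002, mode=0o700)
cfg = parse_options("rw,sync,root_squash")

if __name__ == "__main__":
    print("root on PC1:            ", may_write(cfg, 0, 0, **HOME_USER2))
    print("PC1 root after su user2:", may_write(cfg, 1002, 1002, **HOME_USER2))
    print("user1 on PC1:           ", may_write(cfg, 1001, 1001, **HOME_USER2))
```

With root_squash only UID 0 is remapped; any other UID the client sends is accepted as sent, which is why the second case is allowed while the first and third are denied.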