
Re: /etc/passwd doesnt contain all users



On Wed, Jan 01, 2003 at 01:19:55PM -0700, Bob Proulx wrote:
> [The words used here lead me to believe you are suggesting a central
> mail server writing to /var/mail on the remote clients.]  That is a
> new twist on things.  In that case wouldn't using the MTA to MTA
> protocol be safer?

My comments weren't specifically intended at MTAs, but any files under
/usr or /var which may be owned by a userid that is dynamically
allocated, and also stored on a central NFS server.

MTAs are a bad example to illustrate this; it is too easy to
get sidetracked on the other issue: you should be doing this
anyway!

I wasn't so much looking at /var/mail either, that can be
solved with Maildirs, but /var/spool/postfix (or whatever it
gets called).

For a better example, look at /var/lib/gdm, which is owned by gdm, and
(assuming only one client uses a given copy) should be safe to use over
NFS, too. There are good reasons for wanting to put this on a central
NFS server, but you wouldn't want the userid to map to "bam" on the NFS
server, as otherwise I could potentially do significant damage...
--
Brian May <bam@debian.org>
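
The UID mismatch described in the message above can be checked for by comparing the passwd data of the NFS client and the NFS server. The following is an added example, not part of the original message; the sample passwd contents and the function names are constructed for illustration.

```python
# Added example: compare passwd(5) data from an NFS client and an NFS server
# and report numeric UIDs that name a different account on each side.

# Constructed sample data. "gdm" was dynamically allocated UID 101 on the
# client, while on the server UID 101 belongs to the ordinary user "bam".
CLIENT_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
postfix:x:100:102::/var/spool/postfix:/bin/false
gdm:x:101:103::/var/lib/gdm:/bin/false
"""
SERVER_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
postfix:x:100:102::/var/spool/postfix:/bin/false
bam:x:101:101::/home/bam:/bin/bash
gdm:x:104:104::/var/lib/gdm:/bin/false
"""


def parse_passwd(text):
    """Return {uid: name}, skipping blank, comment and malformed lines."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7 or not fields[2].isdigit():
            continue
        # Keep the first entry for a UID, matching lookup order in the file.
        users.setdefault(int(fields[2]), fields[0])
    return users


def uid_mismatches(client_text, server_text):
    """List (uid, client_name, server_name) where a client UID maps elsewhere.

    server_name is None when the server has no account with that UID.
    """
    client = parse_passwd(client_text)
    server = parse_passwd(server_text)
    return [
        (uid, name, server.get(uid))
        for uid, name in sorted(client.items())
        if server.get(uid) != name
    ]


if __name__ == "__main__":
    for uid, cname, sname in uid_mismatches(CLIENT_PASSWD, SERVER_PASSWD):
        print(f"uid {uid}: client={cname} server={sname or '(unallocated)'}")
```

Files the client writes as gdm are stored with UID 101, which the server resolves to bam, so any reported mismatch needs a fixed UID assignment or an explicit mapping before the directory is shared.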


