[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: fresh blood gets congested: long way to become DD

On Wed, Aug 03, 2005 at 04:12:40AM -0700, Steve Langasek wrote:
> More likely, the implication is that giving someone the necessary write
> access to LDAP is *equivalent* to giving them root access on the Debian
> servers.

No, only if the person is allowed to write the uidNumber entry.

> You'd need more sanity checking than just preventing tampering with existing
> accounts.  In any case, I hardly think it would be worth the effort.

I have such a setup running. There are some people which are allowed to
add items to the tree which are converted to real user objects by a
script. They are not allowed to set uids/gids and generate groups.


Pain is a thing of the mind.  The mind can be controlled.
		-- Spock, "Operation -- Annihilate!" stardate 3287.2

Attachment: signature.asc
Description: Digital signature

Reply to: