Re: Admin for E-MAIL users only
On Thu, 2002-07-04 at 22:57, Russell Coker wrote:
> Delegating administrative access to one tree of an LDAP directory is easy.
> Preventing it from being used maliciously is another issue. A hostile user
> could create a new LDAP entry with a UID of 0...
But if you configure files lookups before db lookups, the uid 0 entry in
LDAP or SQL would never be used, right? Snippet from /etc/nsswitch.conf:
passwd: files mysql
shadow: files mysql
group: files mysql
> Restricting someone who has UID=0 in a chroot environment from taking over
> the rest of the machine is easy enough though...
Yes, based on your talk today I guess you mean SE Linux. What about
user mode Linux, have you ever looked at its potential use as a chroot
environment?
Fraser
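
Added example, not part of the original message: a small Python model of the `passwd: files mysql` lookup order discussed in this thread, showing which source answers a lookup by uid and by name, plus an audit that flags low-uid entries in the delegated source. The account lines, the `MIN_REMOTE_UID` policy value and all function names are constructed assumptions.

```python
# Constructed sample data in passwd(5) format; nothing here is from the original post.
LOCAL = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
"""
REMOTE = """\
alice:x:5001:5001:Alice:/home/alice:/bin/false
mailadmin:x:0:0:delegated entry:/home/mailadmin:/bin/sh
root:x:5002:5002:same name as a files entry:/home/root:/bin/false
"""
MIN_REMOTE_UID = 1000  # assumption: lowest uid site policy lets the delegated source assign


def parse(text):
    """Parse passwd(5) lines into dicts holding the name and the integer uid."""
    fields = (line.split(":") for line in text.splitlines() if line.strip())
    return [{"name": f[0], "uid": int(f[2])} for f in fields]


def lookup(key, value, sources):
    """Model getpwnam (key='name') or getpwuid (key='uid'): sources are tried in
    nsswitch order and the first one holding a match answers (notfound -> continue)."""
    for label, entries in sources:
        for entry in entries:
            if entry[key] == value:
                return label, entry
    return None


def audit(local, remote, min_uid=MIN_REMOTE_UID):
    """Return (name, uid) for remote entries that still resolve by name, because
    files has no entry with that name, and that carry a uid below min_uid."""
    local_names = {e["name"] for e in local}
    return [(e["name"], e["uid"]) for e in remote
            if e["name"] not in local_names and e["uid"] < min_uid]


# nsswitch.conf order from the post: "passwd: files mysql"
SOURCES = [("files", parse(LOCAL)), ("mysql", parse(REMOTE))]

if __name__ == "__main__":
    print(lookup("uid", 0, SOURCES))             # answered by files
    print(lookup("name", "mailadmin", SOURCES))  # files has no such name
    print(audit(parse(LOCAL), parse(REMOTE)))
```

On a live host the same audit can be fed from the delegated source's own export of its account table instead of the constructed `REMOTE` string.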