[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Admin for E-MAIL users only

On Sat, 6 Jul 2002 18:14, Fraser Campbell wrote:
> On Thu, 2002-07-04 at 22:57, Russell Coker wrote:
> > Delegating administrative access to one tree of an LDAP directory is
> > easy. Preventing it from being used maliciously is another issue.  A
> > hostile user could create a new LDAP entry with a UID of 0...
> But if you configure files lookups before db lookups the uid 0 entry in
> LDAP or SQL would never be used right?  Snippet from /etc/nsswitch.conf:
> passwd:         files mysql
> shadow:         files mysql
> group:          files mysql

In that case files will be used first for UID->name lookups, but for 
name->UID lookups if the name is != root then it'll still work.  Try it!

> > Restricting someone who has UID=0 in a chroot environment from taking
> > over the rest of the machine is easy enough though...
> Yes, based on your talk today I guess you mean SE Linux.  What about
> user mode Linux, have you ever looked at it's potential use as a chroot
> environment?

UML is another option for results that can be similar in some situations.

I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
>From field.

To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: