Re: Admin for E-MAIL users only
On Sat, 6 Jul 2002 18:14, Fraser Campbell wrote:
> On Thu, 2002-07-04 at 22:57, Russell Coker wrote:
> > Delegating administrative access to one tree of an LDAP directory is
> > easy. Preventing it from being used maliciously is another issue. A
> > hostile user could create a new LDAP entry with a UID of 0...
>
> But if you configure files lookups before db lookups the uid 0 entry in
> LDAP or SQL would never be used right? Snippet from /etc/nsswitch.conf:
> passwd: files mysql
> shadow: files mysql
> group: files mysql
In that case files will be used first for UID->name lookups, but for
name->UID lookups if the name is != root then it'll still work. Try it!
> > Restricting someone who has UID=0 in a chroot environment from taking
> > over the rest of the machine is easy enough though...
>
> Yes, based on your talk today I guess you mean SE Linux. What about
> user mode Linux, have you ever looked at it's potential use as a chroot
> environment?
UML is another option for results that can be similar in some situations.
--
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
>From field.
--
To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: