Re: Problems with root on network clients
Alex Pires de Camargo wrote:
> I administer a network with Debian-based server and clients,
> and would like to know if I can solve this problem.
> It's rather easy for a user to open a PC, damage the batteries,
> boot from a floppy and log in as root on a client. But one thing is
> undesirable. He can do su - <users> and do many things in users'
> homes. The rootsquash options on nfs solve the problem when the
> user is root, but as I explained, this is not sufficient.
> Is there anything I'm forgetting to do? On the server I run
> potato, nis (not nis+), nfs-kernel-server.
There's not much you can do when users have physical access to the boxes.
You can use the Intrusion Sensors which make the box beep when the case gets
opened, which makes the user feel particularly uncomfortable, or you can
glue the case :)
Some boxes have facilities to put a lock (a physical one) on them.
One thing you can do with software is to encrypt filesystems, requiring a
password to decrypt and therefore use the data on them. If your
authentication requires some data that is on the encrypted filesystem, users
that boot from a floppy won't have access to it, and thus can not use your
But keep in mind that boxes with physical access are a PITA to secure and