
About how to protect network resources in LDAP environment?



Hi Security Gurus:

I have the following setup:

Multiple Linux PCs use OpenLDAP to authenticate, and mount /home from an NFS server.

The goals are:
(1) Each user has the root password of their own Linux PC, and can do whatever they want on their own Linux PC,
(2) but cannot damage any other network resources, e.g. rm files on the NFS server.

The issue is:

e.g:
on NFS server, there are: /home/user1, /home/user2 etc
user1 has root pw on its own Linux PC1,
user2 has root pw on its own Linux PC2

user1 can log in as local root on Linux PC1,
Even though as root, user1 can not rm /home/user2,
but he can su - user2 on Linux PC1 then rm something.


Any idea how to do it without giving up (1)?


Thanks


Sincerely

Min Wang













