
Re: About how to protect network resources in LDAP environment?



In /etc/exports, add "no_root_squash"

For example:

/home 192.168.0.0/24(rw,no_root_squash)

On Fri, Aug 27, 2010 at 11:06 AM, Min Wang <ser.basis@gmail.com> wrote:
> Hi Security Gurus:
>
> I have the following setup:
>
> Multiple Linux PCs use OpenLDAP to authenticate, and mount /home to NFS
> server
>
> The goals are:
> (1) Users have their own root passwd for their own Linux PC, and can do whatever
> they want on their own Linux PC
> (2) but cannot damage any other network resources etc., e.g.: rm files on
> NFS server.
>
> The issue is:
>
> e.g:
> on NFS server, there are: /home/user1, /home/user2 etc
> user1 has root pw on its own Linux PC1,
> user2 has root pw on its own Linux PC2
>
> user1 can log in as local root on Linux PC1,
> Even though as root, user1 can not rm /home/user2,
> but he can su - user2 on Linux PC1 then rm something.
>
>
> Any idea how to do it without giving up (1)?
>
>
> Thanks
>
>
> Sincerely
>
> Min Wang
>
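
An added example, not part of the original messages or of any Debian tool: a small Python audit of `/etc/exports` entries that reports the options bearing on the scenario in this thread, where users hold root on their own client PC. The `/srv/krbhome` line, the function name and the finding strings are constructed for illustration; the defaults (`root_squash` on, `all_squash` off, `sec=sys`) are those documented in exports(5).

```python
import re

# Constructed sample: the first export is the line from the reply above;
# the second is a hypothetical Kerberos-protected export for comparison.
SAMPLE_EXPORTS = """\
# /etc/exports
/home 192.168.0.0/24(rw,no_root_squash)
/srv/krbhome 192.168.0.0/24(rw,root_squash,sec=krb5p)
"""

# Matches "client(opt,opt,...)"; an empty client means "any host".
ENTRY = re.compile(r"(?P<client>[^\s()]*)\((?P<opts>[^)]*)\)")

def audit_exports(text):
    """Return (path, client, finding) tuples for each client(options) entry.

    Assumption: paths contain no whitespace and every client carries an
    explicit option list; quoted paths and bare hostnames are not parsed.
    """
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        path, rest = parts[0], (parts[1] if len(parts) > 1 else "")
        for m in ENTRY.finditer(rest):
            client = m.group("client") or "(any host)"
            opts = [o.strip() for o in m.group("opts").split(",") if o.strip()]
            flavors = ["sys"]  # exports(5) default security flavor
            for o in opts:
                if o.startswith("sec="):
                    flavors = o[4:].split(":")
            if "no_root_squash" in opts:
                # uid 0 on the client is not mapped to the anonymous user
                findings.append((path, client, "client root is root on the server"))
            if "sys" in flavors and "all_squash" not in opts:
                # AUTH_SYS: the server accepts whatever UID the client sends,
                # so root on a client can act as any user (the su case above)
                findings.append((path, client, "client-asserted UIDs trusted (sec=sys)"))
    return findings

if __name__ == "__main__":
    for path, client, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"{path} {client}: {finding}")
```
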

