
Re: About how to protect network resources in LDAP environment?



Hi,

Thanks.

I guess root_squash is to prevent local root from doing rm /home/user2 on the NFS server.
(Is root_squash the default in /etc/exports?)
But it cannot prevent the user from doing su - user2 and then doing damage.


Kind regards

Min Wang


Yuan Ho wrote:
Hello,

Have you tried root_squash (export option)?

Regards,
Yuan G. Ho



On Fri, Aug 27, 2010 at 11:06 AM, Min Wang <ser.basis@gmail.com> wrote:

    Hi Security Gurus:

    I have the following setup:

    Multiple Linux PCs use OpenLDAP to authenticate, and mount /home from
    an NFS server.

    The goals are:
    (1) Users have the root password of their own Linux PC, and can
    do whatever they want on their own Linux PC,
    (2) but cannot damage any other network resources, e.g. rm
    files on the NFS server.

    The issue is:

    e.g:
    on NFS server, there are: /home/user1, /home/user2 etc
    user1 has root pw on its own Linux PC1,
    user2 has root pw on its own Linux PC2

    user1 can log in as local root on Linux PC1,
    Even though as root, user1 can not rm /home/user2,
    but he can su - user2 on Linux PC1 then rm something.


    Any idea how to do it without giving up (1)?


    Thanks


    Sincerely

    Min Wang
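
Added example (not part of the original thread): a simplified Python model of how an NFS server using AUTH_SYS applies root_squash to the uid a client sends, showing why the su - user2 case described above is still allowed. The uids, the 0755 mode and the function names are constructed for illustration, and group checks are omitted.

```python
import stat
from dataclasses import dataclass

ANON_UID = 65534  # default anonuid on Linux NFS servers


@dataclass
class Directory:
    owner: int  # uid that owns the directory on the server
    mode: int   # permission bits


def squash(claimed_uid, options):
    """Return the uid the server acts as for a client-claimed AUTH_SYS uid."""
    if "all_squash" in options:
        return ANON_UID
    # root_squash is the default (exports(5)); only uid 0 is remapped.
    if claimed_uid == 0 and "no_root_squash" not in options:
        return ANON_UID
    return claimed_uid  # every other uid is believed as sent


def may_remove_in(directory, claimed_uid, options=()):
    """Removing an entry needs write permission on the containing directory."""
    uid = squash(claimed_uid, options)
    if uid == 0:
        return True
    if uid == directory.owner:
        return bool(directory.mode & stat.S_IWUSR)
    return bool(directory.mode & stat.S_IWOTH)


def scenarios():
    home_user2 = Directory(owner=1002, mode=0o755)  # constructed sample values
    return {
        "PC1 root, root_squash": may_remove_in(home_user2, 0, ("root_squash",)),
        "PC1 root after su - user2": may_remove_in(home_user2, 1002, ("root_squash",)),
        "PC1 root, no_root_squash": may_remove_in(home_user2, 0, ("no_root_squash",)),
        "su - user2, all_squash": may_remove_in(home_user2, 1002, ("all_squash",)),
    }


if __name__ == "__main__":
    for case, allowed in scenarios().items():
        print(f"{case:28} -> {'allowed' if allowed else 'denied'}")
```

In this model all_squash blocks the su case only by denying the real user2 as well, so it does not fit a per-user /home export.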