
Re: shadow for debian

Ricardo Kleemann (ricardo@americasnet.com) wrote:
: Does debian have a shadow package which would simplify installation of 
: shadow? Or do I have to install it manually?
I still have a lot of reservations about using shadow. The only way that it would
make sense is if you are restricted to just using one machine.

I am running a separate machine that does not allow user access for all services
or sensitive information. Another machine allows user login which is a kind of
shell server - a cheap old 486DX66 that does nothing
critical at all. If someone breaks in then he can probably disturb some other users'
access but not bring down major components.

Export the / directory to your secure host. And then change the root
password to * via NFS. Do password lookups via NIS not allowing passwords to be seen
by users (and thus not having passwords in /etc/passwd).
Mount the users home directory from the secure server and give the root_squash
option. No user can own a binary owned by root now...

Except for laborious exploitation of security holes (in what? Sendmail is also
running on the secure host....) I doubt that anyone can get in. And even if so:
Access from that host to other systems is quite limited. The system is running
accounting and some other things that will make life quite difficult.
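
Added example, not part of the original message: a shell check over an exports(5)-format file that reports which entries lift root_squash or are open to every host, so the exception made for one trusted host stays the only one. The function names audit_exports and sample_exports and the hostnames are assumptions, and the sample entries are constructed.

```shell
#!/bin/sh
# Constructed sample in exports(5) format; hostnames are placeholders.
sample_exports() {
    cat <<'EOF'
# home directories: remote root is mapped to an unprivileged user
/home      shell.example.org(rw,root_squash)
/          secure.example.org(rw,no_root_squash)
/srv/pub   shell.example.org (rw)
/export/a  hosta.example.org(ro) \
           hostb.example.org(rw,no_root_squash)
EOF
}

# Reads an exports file (argument or stdin). Prints one finding per line and
# exits non-zero if anything was found.
#   NO_ROOT_SQUASH <path> <client>  remote root keeps uid 0 on this export
#   WORLD <path>                    options apply to every host, e.g. "host (rw)"
# Assumes export paths contain no whitespace.
audit_exports() {
    awk '
    { sub(/#.*/, "") }                             # drop comments
    /\\$/ { sub(/\\$/, " "); buf = buf $0; next }  # join continued lines
    {
        n = split(buf $0, f); buf = ""
        for (i = 2; i <= n; i++) {                 # f[1] is the path
            host = f[i]; opts = ""
            if ((p = index(f[i], "(")) > 0) {
                host = substr(f[i], 1, p - 1)
                opts = substr(f[i], p + 1)
                sub(/\).*/, "", opts)
            }
            if (("," opts ",") ~ /,no_root_squash,/) {
                print "NO_ROOT_SQUASH " f[1] " " (host == "" ? "*" : host)
                bad = 1
            }
            if (host == "" || host == "*") {       # a space before "(" lands here
                print "WORLD " f[1]
                bad = 1
            }
        }
    }
    END { exit bad + 0 }
    ' "$@"
}

sample_exports | audit_exports || true
```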
