[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Limiting admin privileges

On Mon, 17 Dec 2001, allen wayne best just ramblin in his amx wrote:

> robert:
> for what it is worth, the drives that i have mounted on my machine via nfs
> cannot be changed via root. root is an unpriviledged user so far as the nfs
> mounted files are concerned. my normal user can only change files which the
> user has access to. same for root. these files are exported from an hp-ux
> machine. in order for root to have priviledged access on my machine, the
> exporting machine has to explicitly set the privileges.
> for more information on this refer to man exports under "User ID Mapping"

If the user has physical access to the Linux machines,
however, root access is trivial.  If you have root access
and mount drives using NFS, access to other user's files
is also trivial.  On an NFS volume, root cannot (assuming
"root_squash") write to files.  root can, however, su to
any user s/he chooses and then gains write access to all
of that user's files.


Jeremy L. Gaddis     <jlgaddis@blueriver.net>

Reply to: