Re: Nis problem :

To: debian-user@lists.debian.org
Subject: Re: Nis problem :
From: "Arvind Marathe" <bahuroopi@gmail.com>
Date: Fri, 18 Apr 2008 17:39:43 +0530
Message-id: <[🔎] 999898700804180509k229a375s7734f930ae9c7bce@mail.gmail.com>
In-reply-to: <[🔎] 4808870F.3050707@gmail.com>
References: <[🔎] 777734.88437.qm@web27815.mail.ukl.yahoo.com> <[🔎] 4808870F.3050707@gmail.com>

On Fri, Apr 18, 2008 at 5:03 PM, Eduardo M KALINOWSKI <ekalin@gmail.com> wrote:
> Stephane Durieux wrote:
>  > Hello
>  >
>  > I am encountering a problem with a nis server.
>  > Local root on client  can do  su  user  without  giving  the password
>  > of the user.
>  >
>  > root squashing is enabled.
>  >
>  > What can I do
>
>  I do not know if NIS changes something, but the default behavior is that
>  root can su to any user without giving the password of the user. (And
>  this is exactly the point of su.)

I think he meant that the root on the NIS client machine can access
any nis user account without giving the passwd. So as NIS client root,
the command

su nis-user

logs into the nis-user account without requiring any passwd. I think
the client root 'sees' all NIS users as local users. Root squash on
the NIS server merely makes sure that the NIS client root cannot
access NFS mounted directories. The problem is described here as well:

http://blog.taragana.com/index.php/archive/full-disclosure-nis-security-hole-full-access-by-nis-client-root/

I am facing the same problem and haven't found any solution.

Arvind

Reply to:

Follow-Ups:
- Re: Nis problem
  - From: George Borisov <gb.lists.07@gmail.com>

References:
- Nis problem :
  - From: Stephane Durieux <durieux42@yahoo.fr>
- Re: Nis problem :
  - From: Eduardo M KALINOWSKI <ekalin@gmail.com>

Prev by Date: Re: insert USB stick, Debian crash
Next by Date: Re: Nis problem
Previous by thread: Re: Nis problem :
Next by thread: Re: Nis problem
Index(es):
- Date
- Thread