In message <[EMAIL PROTECTED]>, Charles Goyard writes: >Alex Pires de Camargo a ?crit : >> I administer a network with server and clients Debian based, >> and would like to know if I can solve this problem. >> It's a little easy to an user open a PC, damage the batteries, >> boot with floppy and login as root in a client. But one thing is >> undesirable. He can do su - <users> and do many things on users >> homes. The rootsquash options on nfs solve the problem when the >> user is root, but as I explain, this is not sufficient. >> Is there anything I'm forgetting to make? On server I run >> potato, nis (not nis+), nfs-kernel-server. > >There's not much you can do when users have physical access to the boxes. >You can use the Intrusion Sensors wich makes the box beep when the case gens >opened, which makes the user feel particularly uncomfortable, or you can >glue the case :) > >Some boxes have facilities to put a lock (a physical one) on them.
System locks are good, and can work in this case. Almost every modern system from a major vendor (Dell, Gateway, etc.) supports them. However, this isn't a problem that has a technical solution. The correct solution is a policy-based one. Make it clear in your documentation that actions like that are a firable offense. If anyone does it, fire them. You may also be able to sue them as well. (Talk to the company lawyer about this) This isn't a problem with an easy techincal solution. Policy is the way to go here. -- Ted Cabeen http://www.pobox.com/~secabeen [EMAIL PROTECTED] Check Website or Keyserver for PGP/GPG Key BA0349D2 [EMAIL PROTECTED] "I have taken all knowledge to be my province." -F. Bacon [EMAIL PROTECTED] "Human kind cannot bear very much reality."-T.S.Eliot [EMAIL PROTECTED]
