Kevin Jackson wrote: > Not entirely true. > Its the NFS export options - i.e. root_squash that needs to be used. > > /export/home @netgroup(rw,root_squash) > /export/home adminpc(rw,no_root_squash) > > only adminpc's root can modify files.
You're right when you say that root@netgroup can't directly modify users' NFS mounted files. But, as previously said, everybody being root on a @netgroup computer can 'su - user' and modify any file owned by "user". NIS+NFS is definitively "at risk" as long as any @netgroup user knows root password (or is in sudoers). -- Kilian CAVALOTTI | GPGKeyId: 0xD657340C BOFH excuse #236: Fanout dropping voltage too much, try cutting some of those little traces
