Not sure why this message didn't get posted after I sent it the first time...

On Sun, 2003-01-26 at 07:28, Nicolas Justin wrote:
> Is there a way to prevent the local root from doing su to a NIS user, and so modifying
> anyone's personal data?

There is a way to accomplish this if the workstations with root are not
shared among different individuals.  In this case, you can turn on the
all_squash NFS option for each host and use the anonuid/anongid NFS
options to map the incoming uid and gid values from that host to the
uid and gid of the individual assigned to that workstation.

For example, if the host "pc001" is one of the administration
workstations and you are sharing /home via NFS, your /etc/exports file
might look something like this:

/home   pc001(rw,all_squash,anonuid=150,anongid=150) other(rw)

Of course, this may or may not be an issue, but any user with root
access could change the IP address of the host they are on and thus
defeat this trick.  For more info check out the man page for exports. 
It has a fairly good example of how to do what I just described. You
could probably use the NIS netgroups to aid in setting this up.

-- 
Eric Severance <[EMAIL PROTECTED]>
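
An added example, not part of the original message: a small Python check that reads exports-style text and reports writable clients that are not pinned to a single owner with all_squash plus anonuid/anongid. The sample file contents, the host pc002, the /srv/pub export and the function names are assumptions made for illustration.

```python
"""Audit exports-style text for writable NFS clients not pinned to one owner."""

# Constructed sample: pc001 follows the message; pc002 and /srv/pub are made up.
SAMPLE_EXPORTS = """\
# admin workstations, one owner each
/home   pc001(rw,all_squash,anonuid=150,anongid=150) pc002(rw,all_squash) other(rw)
/srv/pub  *(ro)
"""

def parse_options(optstr):
    """Turn 'rw,all_squash,anonuid=150' into {'rw': True, ..., 'anonuid': '150'}."""
    opts = {}
    for item in filter(None, optstr.split(",")):
        key, sep, value = item.partition("=")
        opts[key] = value if sep else True
    return opts

def parse_exports(text):
    """Yield (path, client, options) for every client on every export line."""
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        for token in clients:
            client, _, optstr = token.partition("(")
            yield path, client, parse_options(optstr.rstrip(")"))

def audit(text):
    """Return (path, client, reason) for each writable client with unpinned ids."""
    findings = []
    for path, client, opts in parse_exports(text):
        if "rw" not in opts:
            continue  # ro is the default, so nothing can be modified here
        if "all_squash" not in opts:
            findings.append((path, client, "rw without all_squash"))
        elif "anonuid" not in opts or "anongid" not in opts:
            findings.append((path, client, "all_squash without anonuid/anongid"))
    return findings

if __name__ == "__main__":
    for path, client, reason in audit(SAMPLE_EXPORTS):
        print(f"{path} {client}: {reason}")
```

This checks the configuration only; it says nothing about whether a client really is the host it claims to be, which is the caveat the message raises about changing the IP address.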
