Jacob Albretsen wrote:
I've been working on setting up a NIS server to authenticate users of machines from a central server and also when they log in, they NFS mount their home directories on that same server. Everything is going pretty good.

Too bad LDAP didn't work out for you. If your server were less pink... ;-)

My question is: How do I make sure the uids and gids are happy so that everyone gets the permissions they need (and don't need for that matter)? I mean, I make the user on the server using userdrake (Mandrake boxes BTW) and then run the script that adds them to the NIS database, and then they can log onto the client machines just dandy.

I've read about no_root_squash and how that is bad. Are the uids and gids just something I need to keep an eye on so I don't make a local user and a NIS user the same uid / gid on a NIS client? Is there something I should make sure I put in /etc/exports or /etc/fstab?

Squashing root is about all you can do to make NFS safe for the server, but it doesn't help much. The problem is that an attacker can set his uid to whatever he wants and have access to files owned by that uid. He just can't mess with files owned by root.

Normally there's a way to tell the NIS server only to use uids higher than a particular number. This allows you to create local users below that number safely.

On each client, 128.187.200.251:/home is mounted to /home (I point local users elsewhere). On user setup, should I use 128.187.200.251:/home/username instead of /home/username?

Will that even work? I don't think it will. You could use autofs if you wanted the real location of a user's home to be more agile, but that's probably not what you want.
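
The uid-overlap check discussed in this thread, as an added example that is not part of the original messages: it compares a client's local passwd entries with the NIS passwd map and reports uids shared under different names, plus NIS uids below a site minimum. The account data is constructed, and the `MIN_NIS_UID` value of 1000 is an assumed policy, not something stated in the thread.

```python
# Constructed sample data in passwd(5) format. On a real client the first
# would come from /etc/passwd and the second from `ypcat passwd`.
LOCAL_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
backup:x:501:501:local backup account:/var/backup:/bin/bash
"""
NIS_PASSWD = """\
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:501:501:Bob:/home/bob:/bin/bash
oper:x:0:0:Operator:/home/oper:/bin/bash
"""
MIN_NIS_UID = 1000  # assumed site policy: NIS uids start here, local uids stay below


def parse_passwd(text):
    """Return {uid: [names]} for every well-formed passwd line."""
    by_uid = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, comments and NIS compat entries such as "+::::::".
        if not line or line[0] in "#+-":
            continue
        fields = line.split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue
        by_uid.setdefault(int(fields[2]), []).append(fields[0])
    return by_uid


def audit(local_text, nis_text, min_nis_uid=MIN_NIS_UID):
    """Return sorted (uid, problem, local_names, nis_names) findings."""
    local, nis = parse_passwd(local_text), parse_passwd(nis_text)
    findings = []
    for uid, nis_names in nis.items():
        local_names = local.get(uid, [])
        # Same uid under a different name: NFS permission checks see only the
        # number, so each account can reach the other's files on the export.
        if set(local_names) - set(nis_names):
            findings.append((uid, "collision", local_names, nis_names))
        elif uid < min_nis_uid:
            findings.append((uid, "below-minimum", local_names, nis_names))
    return sorted(findings)


if __name__ == "__main__":
    for uid, problem, local_names, nis_names in audit(LOCAL_PASSWD, NIS_PASSWD):
        print(f"uid {uid}: {problem} local={local_names} nis={nis_names}")
```

Run it on each NIS client before adding a local account, and again after adding users to the map on the server.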


____________________
BYU Unix Users Group 
http://uug.byu.edu/ 
___________________________________________________________________
List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
