[olug] NIS / NFS permissions

Daniel Linder dan at linder.org
Wed Jan 25 03:58:47 UTC 2006



Mr. SCSI,



You might want to check out "" at http://www.linux.com/
for their article on "systrace".  It appears to offer you a
way to limit the functionality of a program down to the system-call level
(i.e. chmod, etc).



Unfortunatly, if the "bad person" in your network already has
root access, then they could just as easily bypass the systrace security
measures...



On Thu, January 19, 2006 23:52, Christopher Cashell wrote:

> At most of the places I've worked, activities like the above would
be

> considered abuse of access, and will get your root/administrative
access

> revoked.  Repeated abuses like that would be grounds for
termination.



I think Christophers idea is the most effective.  All the technical
resources in the world won't help you if you have a determined root user
capable of undoing your security measures.



Once you get a manager who understands the legal/financial implications of
these actions, they will be able to work at changing this persons attitude
a bit.



It's never fun being the enforcer of new strict policies... :(



Dan



- - - -

"Wait for that wisest of all counselors, time." -- Pericles

"I do not fear computers, I fear the lack of them." -- Isaac
Asimov

GPG fingerprint:6FFD DB94 7B96 0FD8 EADF  2EE0 B2B0 CC47 4FDE 9B68



More information about the OLUG mailing list