NFS security
Brandon S. Allbery
allbery at ncoast.UUCP
Thu Sep 15 09:00:05 AEST 1988
As quoted from <14186 at comp.vuw.ac.nz> by duncan at comp.vuw.ac.nz (Duncan McEwan):
+---------------
| One partial solution to both of these problem for machines that can be
| accessed by people you don't trust, is to make it harder to become root
| on those machines. I think SunOS 4.0 can be configured to require the
| superuser password before coming up in single user mode. Of course,
| there may be many other ways of becomming root on the workstation that
| this doesn't protect against, but at least it blocks off one of the
| easiest. Do any other workstation vendors provide this protection?
+---------------
Xenix has done this for years; which may become relevant with the advent of
an RFS version of Xenix (and maybe an NFS version will be in the works;
we'll have to see which one becomes dominant).
System V can be configured with a line "initdefault:2:" in /etc/inittab
which forces it to come up directly into multi-user mode (RFS-ites may want
"initdefault:3:" instead). If this is done the only way to get into single-
user mode is to log in as root and do a "telinit s".
++Brandon
--
Brandon S. Allbery, uunet!marque!ncoast!allbery DELPHI: ALLBERY
For comp.sources.misc send mail to ncoast!sources-misc
"Don't discount flying pigs before you have good air defense." -- jvh at clinet.FI
More information about the Comp.unix.wizards
mailing list