Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!decwrl!ucbvax!bloom-beacon!eru!hagbard!sunic!mcsun!tuvie!iiasa!wnp
From: wnp@iiasa.AT (wolf paul)
Newsgroups: comp.unix.admin
Subject: Re: Network-wide Mail Spool?
Message-ID: <927@iiasa.UUCP>
Date: 1 Nov 90 10:27:16 GMT
References: <924@iiasa.UUCP> <8368@darkstar.ucsc.edu>
Reply-To: wnp%iiasa@relay.eu.net (wolf paul)
Organization: IIASA, Laxenburg/Vienna, Austria, Europe
Lines: 18

In article <8368@darkstar.ucsc.edu> haynes@ucscc.UCSC.EDU.UUCP (Jim Haynes) writes:
>One thing you have to consider here is whether security is going to be
>a problem. With ordinary NFS any workstation on which the user can
>become root allows the user to impersonate any other user and read
>the mail.

Actually, every implementation of NFS I have seen (Ultrix 3.0, SunOS 4.x,
Interactive SysV/386) allows you to limit Root Access to specific
machines on a per-filesystem basis, in /etc/exports. The syntax varies
from OS to OS, but the concept is the same.

As someone else has suggested, if one modified the sendmail cf files to
only do delivery on one machine, then there is no need for root access
to the mail spool from any other machine.
--
Wolf N. Paul, UNIX SysAdmin, IIASA, A - 2361 Laxenburg, Austria, Europe
PHONE: +43-2236-71521-465 FAX: +43-2236-71313 UUCP: uunet!iiasa!wnp
INTERNET: wnp%iiasa@relay.eu.net BITNET: tuvie!iiasa!wnp@awiuni01.BITNET
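The per-filesystem root restriction described above, as an added example that is not part of the original post: a Python check that reads export lines in SunOS 4.x-style option syntax (one of the variants the post names) and reports every filesystem where root is honoured for hosts other than the single delivery machine. The host names (`mailhub`, `ws1`, `ws2`), the paths and the function names are constructed for illustration.

```python
# Added example: audit SunOS 4.x-style /etc/exports entries for root access.
# Host names and paths below are constructed for illustration.

SAMPLE_EXPORTS = """\
# constructed sample, SunOS 4.x-style option syntax
/var/spool/mail -root=mailhub,access=mailhub:ws1:ws2
/home           -access=ws1:ws2
/export/tools   -root=ws1:ws2,access=ws1:ws2
/export/scratch -anon=0
"""

def parse_exports(text):
    """Return {path: {option: [values]}} for each non-comment line."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split(None, 1)
        path = fields[0]
        opts = {}
        if len(fields) == 2 and fields[1].startswith("-"):
            for item in fields[1][1:].split(","):
                key, _, value = item.strip().partition("=")
                opts[key] = value.split(":") if value else []
        entries[path] = opts
    return entries

def audit_root_access(text, trusted_root_hosts):
    """List (path, reason) findings where uid 0 is honoured too widely."""
    findings = []
    for path, opts in parse_exports(text).items():
        extra = sorted(set(opts.get("root", [])) - set(trusted_root_hosts))
        if extra:
            findings.append((path, "root= granted to " + ", ".join(extra)))
        # anon=0 maps unidentified requests (including remote root) to uid 0
        if opts.get("anon") == ["0"]:
            findings.append((path, "anon=0 gives every client root"))
    return findings

if __name__ == "__main__":
    for path, reason in audit_root_access(SAMPLE_EXPORTS, {"mailhub"}):
        print(f"{path}: {reason}")
```

With `mailhub` as the only trusted host, the mail spool entry passes and the two other root-granting exports are reported.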