Path: utzoo!attcan!uunet!munnari.oz.au!bruce!gdwb.oz.au!csb From: csb@gdwb.oz.au (Craig Bishop) Newsgroups: comp.protocols.nfs Subject: Re: problem with rsh under PC-NFS Keywords: rsh,PC-NFS,PCNFS Message-ID: <551@rome.gdwb.oz.au> Date: 8 Nov 90 22:13:00 GMT References: Sender: news@gdwb.oz.au Lines: 30 rog@speech.kth.se (Roger Lindell) writes: >Hello again, >I just want to thank everybody who mailed me and tell them that >it works fine now since I added the PC:s to the hosts.equiv list. This is a bad idea because if the PC user is able to tell rsh that he is root then the PC user can do whatever he likes. What you have done is said that the PC is equivalent to you UNIX box. This is dangerous, basically I don't trust PC users. What we do is create a .rhosts file for nobody and place all the PC's in that. That way all the PC's have the privileges to run commands using the nobody user. They can do lots of things but cannot do anything to the system because nobody does not have access to many things. Then if PC users wish to execute commands as themselves (ie. using their Unix account) we get them to create a personal ".rhosts" file in their home directory which equivalences their PC with the UNIX machines. They can even put multiple PC's in the .rhosts file if they wish to use multiple PC's accessing the UNIX machines. I am prepared to be proved wrong and be told that the PC's are safe, but can someone prove that? -- Craig Bishop Geelong & District Water Board Phone: +61 52 262506 61-67 Ryrie St Geelong Fax: +61 52 218236 Victoria 3220 Australia