Xref: utzoo comp.bugs.4bsd:1102 comp.unix.wizards:12684 comp.protocols.nfs:44
Path: utzoo!attcan!uunet!comdesign!canary!pst
From: pst@canary.cdi.com (Paul Traina)
Newsgroups: comp.bugs.4bsd,comp.unix.wizards,comp.protocols.nfs
Subject: Re: bin owning files
Message-ID: <569@comdesign.CDI.COM>
Date: 19 Nov 88 22:40:54 GMT
References: <6710@rosevax.Rosemount.COM>
Sender: news@comdesign.CDI.COM
Followup-To: comp.unix.wizards
Lines: 22

From article <6710@rosevax.Rosemount.COM>, by news@rosevax.Rosemount.COM (News administrator):
< I haven't tried this, but the manual says that the user's .rhosts file is
< read BEFORE rhosts.equiv.  So you should be able to put a .rhosts in
< bin's home directory, and configure it to deny rlogin/rsh to all hosts.
< This should override the general permissions in hosts.equiv.
<
< Dan Messinger
< dan@ernie.rosemount.com

Yet another good idea, but none of these address the 'root/bin' as NFS
problem.  I'm sure that there's something that I've overlooked.  Perhaps
putting stringent netgroup requirements on the system, and not allowing
root/bin/adm write access to certain partitions?  Currently I am unaware
of any ability within UNIX & NFS to provide such a selective level of
security.

p.s. moved followups to comp.unix.wizards, since this really isn't a bug.
------
Paul Traina                        To believe that what is true for
{uunet|pyramid}!comdesign!pst      you in your private heart is true
pst@cdi.com                        for all men, that is genius.