Path: utzoo!attcan!uunet!husc6!ogccse!blake!uw-beaver!fluke!ssc-vax!ray3rd
From: ray3rd@ssc-vax.UUCP (Ray E Saddler III)
Newsgroups: comp.unix.questions
Subject: Re: Security problem with local root user on SUN workstations
Summary: controversial issue...
Keywords: local root
Message-ID: <2374@ssc-vax.UUCP>
Date: 16 Nov 88 18:20:20 GMT
References: <3228@versatc.UUCP>
Organization: Boeing Aerospace Corp., Seattle WA
Lines: 22

In article <3228@versatc.UUCP>, tran@versatc.UUCP (Tony Tran) writes:
>  We run into a big security problem on our SUN local network when a user
>  who has access to root (on the local workstation) decides to "su" to
>  any valid username on the YP server, and therefore access any file
>  he wants.
>  Since I cannot keep track of all local root users in the SUN NFS
>  environment, how can I get around this serious problem ?
>  Any hint/advice would be greatly appreciated.

Tighten up your allowance to root access.  This is a big
religious/political issue in many many newsgroups and the bottom
line is to simply enforce limits.  I have a network of over 60
engineering workstations (Unix based) which includes a few Suns,
and provide the user community with a support staff of 5 bodies whos
primary task is to keep the network in good shape.  The only other
option is to define laws and hope for compliance from your many root
users.
-- 
| Ray E. Saddler III       |    __  __ __       __ |   Path: ..!ssc-vax!ray3rd |
| Boeing Aerospace         |   / / / //   //| //   | From: ray3rd@ssc-vax.UUCP |
| P.O. Box 3999 m.s. 3R-05 |  /-< / //-  // |// _  |---------------------------|
| Seattle, Wa.  98124  USA | /__//_//__ //  //__/  |  VoiceNet: (206) 657-2824 |