Note: if you tell me that he is going to boot off a knoppix CD and crackAndrew Filesystem (this very hard to set up and demands a kerberos infrastructure)
root on the box to su to userB, you must give me at least one example of
an alternative that is not susceptible to an attack by a malicious local
root
and NFSv4(unfortunately not prime time)
Linux Enhanced SMBFS http://uranus.it.swin.edu.au/~jn/linux/smbfs/
This is really great, and easy to user with Debian's automounter.
This is not 100% security. If I get root on the box, I can swipe your password by sniffing
your keystrokes even. But it is pretty good. If user B never logs into a client machine, user A
will not have access to user B's files from the SMBFS server.
I read another solution on bugtraq where they implemented NFS via ssh tunnels, and it seems like
a pretty good solution but I have not implemented it http://ww.math.ualberta.ca/imaging/snfs/
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
