Howdy, I'm looking for a file serving method that lets me securely share files out to clients with untrusted root users.* I.e. if user home directories are on a read-write network volume, I want to stop root on a workstation from doing:
rm -rf ~user or su - user rm -rf ~ * Yes, I know that if someone has root on the workstation, then all bets are off, since they can trojan kinit to collect passphrases, steal tickets, etc. I'm just trying to raise the bar significantly higher than the standard NFS level of (in)security. >From what I understand of NFSv4, if I set it up to use kerberos, then I can do this, since only a user with a valid kerberos ticket will be able to access the files on the share. It seems like a kerberized solution could work here, but I'm not sure what protocol to use. I'm looking for a solution that would work on Linux and OS X. The NFSv4 support is fairly limited under OS X right now. Can Samba/CIFS do this? AFS? Other? -ben -- in order to create anything, one must first start with something that is not the thing being created. <phillip j. eby> _______________________________________________ bblisa mailing list [email protected] http://www.bblisa.org/mailman/listinfo/bblisa
