On Fri, 19 Apr 2002, John Hunter wrote: > But if /var/spool/mail were it's own export with no_root_squash (so > client roots couldn't see /home or other root_squash dirs) and it was > mounted noexec on the NFS server, then wouldn't this clear up most of > the worries raised here?
yep, but that still leaves you with the problem of users with root on client machines being able to su to other userids and being able to read and write to their files. to prevent that you could try specifying by IP exactly which hosts are able to mount those shares, but that's not foolproof if your evil arch-enemy has good ip spoofing tools. you would not believe how much spam i just ate. =jay _______________________________________________ Bits mailing list [EMAIL PROTECTED] http://www.sugoi.org/mailman/listinfo/bits
