In /etc/exports, add "no_root_squash" For example:
/home 192.168.0.0/24(rw,no_root_squash) On Fri, Aug 27, 2010 at 11:06 AM, Min Wang <[email protected]> wrote: > Hi Security Gurus: > > I have following set up: > > Multiple Linux PCs use OpenLdap to authenicate, and mount /home to NFS > server > > The goals are: > (1) User have its own root passwd of their own Linux PC, and can do whatever > they want on their own Linux PC > (2) but can not damage any other network resources etc. e.g : rm files on > NFS server. > > The issue is: > > e.g: > on NFS server, there are: /home/user1, /home/user2 etc > user1 has root pw on its own Linux PC1, > user2 has root pw on its own Linux PC2 > > user1 can log in as local root on Linux PC1, > Even though as root, user1 can not rm /home/user2, > but he can su - user2 on Linux PC1 then rm something. > > > Any idea how to do it without give up (1) )? > > > Thanks > > > Sincerely > > Min Wang > > > > > > > > > > > > > > > -- > To UNSUBSCRIBE, email to [email protected] > with a subject of "unsubscribe". Trouble? Contact > [email protected] > Archive: http://lists.debian.org/[email protected] > > -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
