Ricardo Kleemann ([EMAIL PROTECTED]) wrote: : Does debian have a shadow package which would simplify installation of : shadow? Or do I have to install it manually? I still have a lot of reservations about using shadow. The only way that it would make sense is if you are restricted to just using one machine.
I am running a separate machine that does not allow user access for all services or sensitive information. Another machine allows user login which is a kind of shell server - a cheap old 486DX66 that does nothing criticall at all. If someone breaks in then he can probably disturb some other users access but not bring down major components. Export the / directory to your secure host. And then change the root password to * via NFS. Do password lookups via NIS not allowing passwords to be seen by users (and not thus not having passwords in /etc/passwd). Mount the users home directory from the secure server and give the root_squash option. No user can own a binary owned by root now... Except for laborious exploitation of security holes (in what? Sendmail is also running on the secure host....) I doubt that anyone can get in. And even if so: Access from that host to other systems is quite limited. The system is running accounting and some other things that will make life quite difficult. -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED]