Use pam-ldap, nss-ldap to centralize uid/gids.
Roberto C. Sanchez писал(а): > On Fri, Oct 13, 2006 at 10:11:47AM +0200, Matus UHLAR - fantomas wrote: > > > On Fri, Oct 13, 2006 at 09:23:47AM +0200, Matus UHLAR - fantomas wrote: > > > > Note that NFS was created (by SUN microsystems) for homogenous networks > > > > where all people/computers used same shared password databases (e.g. > > > > NIS, > > > > formerly known as YP). > > > > > > > > For this reason is it (was) not safe for environments where anyone > > > > (read: > > > > admin of each system) can set up any access rights (s)he wants. > > > > > > On 13.10.06 03:55, Roberto C. Sanchez wrote: > > > Read: if anyone but you has root OR unmonitored physical access to > > > his/her machine, then you lose. > > > > unless you will never execute any program/script on the NFS filesystem > > (shared or mounted) and put only shareable files there... > > Except that even without considering executable binaries and scripts, > you still have the possibility that someone can read/write to files > which they otherwsie would not permission to. > > Regarsd, > > -Roberto > -- > Roberto C. Sanchez > http://people.connexer.com/~roberto > http://www.connexer.com > > --RhUH2Ysw6aD5utA4 > Content-Type: application/pgp-signature > Content-Disposition: inline; > filename="signature.asc" > Content-Description: Digital signature > X-Google-AttachSize: 190
