pst@canary.cdi.com (Paul Traina) (11/20/88)
From article <6710@rosevax.Rosemount.COM>, by news@rosevax.Rosemount.COM (News administrator):
< I haven't tried this, but the manual says that the user's .rhosts file is
< read BEFORE rhosts.equiv. So you should be able to put a .rhosts in
< bin's home directory, and configure it to deny rlogin/rsh to all hosts.
< This should override the general permissions in hosts.equiv.
<
< Dan Messinger
< dan@ernie.rosemount.com
Yet another good idea, but none of these address the 'root/bin' as NFS
problem. I'm sure that there's something that I've overlooked. Perhaps
puting stringent netgroup requirements on the system, and not allowing
root/bin/adm write access to certain partitions? Currently I am unaware
of any ability within UNIX & NFS to provide such a selective level of
security.
p.s. moved followups to comp.unix.wizards, since this really isn't a bug.
------
Paul Traina To believe that what is true for
{uunet|pyramid}!comdesign!pst you in your private heart is true
pst@cdi.com for all men, that is genius.