pst@canary.cdi.com (Paul Traina) (11/20/88)
From article <6710@rosevax.Rosemount.COM>, by news@rosevax.Rosemount.COM (News administrator): < I haven't tried this, but the manual says that the user's .rhosts file is < read BEFORE rhosts.equiv. So you should be able to put a .rhosts in < bin's home directory, and configure it to deny rlogin/rsh to all hosts. < This should override the general permissions in hosts.equiv. < < Dan Messinger < dan@ernie.rosemount.com Yet another good idea, but none of these address the 'root/bin' as NFS problem. I'm sure that there's something that I've overlooked. Perhaps puting stringent netgroup requirements on the system, and not allowing root/bin/adm write access to certain partitions? Currently I am unaware of any ability within UNIX & NFS to provide such a selective level of security. p.s. moved followups to comp.unix.wizards, since this really isn't a bug. ------ Paul Traina To believe that what is true for {uunet|pyramid}!comdesign!pst you in your private heart is true pst@cdi.com for all men, that is genius.