LinuxQuestions.org
Old 06-25-2011, 06:55 AM   #1
snoop20
LQ Newbie
 
Registered: Jun 2011
Posts: 10

Symlinking /etc/passwd etc for networking


I'm running a small network of 20 PCs (Slackware). I had previously used NIS and can't really be bothered with LDAP; it's a bit of hassle. I do not need a centralised database, just a login auth system.

I wanted to run this by you.

On the server I make a folder called /sec and symlink passwd, group and shadow into it.

I export this via NFS.

On the workstation I create a folder /sec, move the passwd, group and shadow file into it and then symlink them back into the /etc folder.

On bootup, the rc.local mounts server /sec over the top of workstation /sec. If it fails it falls back.

Any issue with this approach?

I wasn't sure if I could just mount /sec on the workstation and then temporarily symlink group, passwd, shadow over the top of the /etc/shadow etc.

Cheers - Andrew
 
Old 06-25-2011, 08:35 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Don't do this, it's just horrible. If you can't be bothered with security, just set the passwords to be "password" and be done with it.

This has nothing at all to do with networking. Moved to Linux - Newbie.
 
Old 06-25-2011, 11:49 AM   #3
snoop20
LQ Newbie
 
Registered: Jun 2011
Posts: 10

Original Poster
Reasons for not doing it?

Horrible isn't one of them.

1. It doesn't require running a secondary system, e.g. make in /var/yp
2. It's secure

???
 
Old 06-25-2011, 12:36 PM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

So you have one common root password, so if one person finds that password on one, they instantly have it on all. What's more, they could also instantly change every password for every account in the entire environment with nothing more than local machine access? If you're saying there are separate files for every machine, then how do you prevent all files being accessible on all systems? If you're putting in per-system config, then that's possibly more work than doing it properly in the first place. Your passwords should not be being sent out to a remote site. That's one reason NIS itself is awful for authentication. If you take the password and give it out to a client, then they have the password to do what they want with. Central authentication, e.g. LDAP at a base level, means that the password never leaves the central machine and is so much more secure.
 
Old 06-27-2011, 11:25 AM   #5
snoop20
LQ Newbie
 
Registered: Jun 2011
Posts: 10

Original Poster
Security for this small network is basic; there is no major concern, which is why I'm taking this approach.

I hard-linked the /etc/passwd, group, gshadow and shadow into /sec on the server and exported it read-only.

On the workstation I moved the same files into /sec, symlinked them into /etc and then mount the server /sec over the top.

This worked and I can log in as root using the server password. Also, the user accounts show up in gdm; however, user passwords fail (even though they work on the server). Am I missing a file other than those four?

Cheers, Andrew
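
A defender-side check for the layout discussed in this thread, added here as an example and not posted by any participant: it reports when an account database is a symlink, resolves onto an NFS mount, or is no longer the same inode as a hard-linked export copy. The function names, the mounts-table argument and the demo tree are constructed for illustration, and the rename-style update is an assumption about how the files get rewritten.

```sh
#!/bin/sh
# Added example: audit where the account databases really live.
# Paths and the mounts table are arguments so it runs on a constructed tree.

# fs_type_for PATH MOUNTS_FILE: type of the longest mount point containing PATH
fs_type_for() {
    path=$1; best=""; fstype="unknown"
    while read -r _dev mp fs _rest; do
        case "$path/" in
            "${mp%/}/"*)
                if [ "${#mp}" -ge "${#best}" ]; then best=$mp; fstype=$fs; fi ;;
        esac
    done < "$2"
    printf '%s\n' "$fstype"
}

# audit_file FILE MOUNTS_FILE [EXPORT_COPY]: one finding per line, none if clean
audit_file() {
    f=$1; copy=${3:-}
    if [ -L "$f" ]; then echo "SYMLINK $f"; fi
    real=$(readlink -f -- "$f") || return 1
    kind=$(fs_type_for "$real" "$2")
    case "$kind" in nfs*) echo "NETWORK_FS $f -> $real ($kind)" ;; esac
    # A file replaced by rename gets a new inode; a hard link made earlier
    # keeps pointing at the old one and goes stale.
    if [ -n "$copy" ] && ! [ "$f" -ef "$copy" ]; then
        echo "DIVERGED $f is no longer the same inode as $copy"
    fi
    return 0
}

# Constructed demo: /sec is "NFS" only according to this sample mounts table.
demo() {
    d=$(cd "$(mktemp -d)" && pwd -P)
    mkdir "$d/etc" "$d/sec" "$d/export"
    printf '%s\n' "/dev/sda1 / ext4 rw 0 0" "server:/sec $d/sec nfs ro 0 0" > "$d/mounts"
    echo 'alice:HASH_PLACEHOLDER:::::::' > "$d/sec/shadow"
    ln -s "$d/sec/shadow" "$d/etc/shadow"      # workstation layout, post #1
    echo 'alice:x:1000:100::/home/alice:/bin/sh' > "$d/etc/passwd"
    ln "$d/etc/passwd" "$d/export/passwd"      # server hard link, post #5
    cp "$d/etc/passwd" "$d/etc/npasswd"
    mv "$d/etc/npasswd" "$d/etc/passwd"        # rename-style update (assumed)
    audit_file "$d/etc/shadow" "$d/mounts"
    audit_file "$d/etc/passwd" "$d/mounts" "$d/export/passwd"
    rm -rf "$d"
}
demo
```

On a live host the second argument would be /proc/mounts and the first each of /etc/passwd, /etc/group, /etc/shadow and /etc/gshadow.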
 