Local root user can su - to nis user
Hi everyone,
I'm no NIS expert and I came across a serious security hole in an environment running NIS for Linux machines. Users in this environment own their machines, meaning they have root access and manage their boxes themselves. However, they are nis clients. If they become root on their own machines they can sudo to any nis user account. Is there any way to prevent this? We cannot take away the users' root access because they will complain that it is their box and they want root access (I know, it's a sorry situation).
Is it possible to force password authentication even from root for nis users?
It seems this goes against *nix rules of root access but I'm hoping someone else has encountered this and has a workaround.
The ideal situation would be:
1 - users have their own boxes with their own root access.
2 - they are nis clients
3 - user can su - to his/her nis user account ONLY by using password authentication.
Thanks in advance.