Restrict su from root to NIS user account

asteroid4u · 03-23-2016, 10:25 PM

Hi,

We are using NIS services for users login for Unix accounts. We have test machines where users itself install OS and they get root access. Users are using su from root account to NIS user accounts without Passwords they are able to enter other NIS accounts easily. Is there any way we restrict this option? I don't want allow any root user to login other users nis account.

pan64 · 03-24-2016, 04:23 AM

do not use nis on those hosts.

asteroid4u · 03-24-2016, 10:36 PM

Hi Pan,

We can do it but they need to mount their home directories for testing their applications that is the challenge. Moreover Users knows NIS server IP they itself configure it.

Thanks,

pan64 · 03-25-2016, 01:07 AM

looks like what you want is not possible. Either you give them full access or not, but root cannot be restricted. You can configure nis to not allow those test servers to join (or even more secure to put test servers behind a firewall) and you can mount one single drive which is accessible from anywhere. So users can copy their stuff onto that central disk and that will be available on test machines too (or you can try sshfs, rsync or whatever you prefer)

asteroid4u · 03-26-2016, 10:30 AM

Hi Pan,

At least can we enable password when adding client to NIS server. I mean even though users has local root access when adding test machine to NIS server. It has ask password. So this way we can protect atleast.

Thanks