On Thu, 2002-07-04 at 22:57, Russell Coker wrote:
> Delegating administrative access to one tree of an LDAP directory is easy.
> Preventing it from being used maliciously is another issue. A hostile user
> could create a new LDAP entry with a UID of 0...

But if you configure files lookups before db lookups the uid 0 entry in
LDAP or SQL would never be used, right?

Snippet from /etc/nsswitch.conf:

passwd:         files mysql
shadow:         files mysql
group:          files mysql

> Restricting someone who has UID=0 in a chroot environment from taking over
> the rest of the machine is easy enough though...

Yes, based on your talk today I guess you mean SE Linux. What about
user mode Linux, have you ever looked at its potential use as a chroot
environment?

Fraser
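
Added example, not part of the original message: a small Python model of the `passwd: files mysql` order in the snippet above, assuming the default NSS behaviour of passing a lookup to the next source when a source has no match. The entries, the `helper` account and the `min_uid` threshold of 1000 are constructed for illustration; `audit` is one way to check a delegated source for reserved or clashing UIDs.

```python
# Model of NSS resolution for "passwd: files mysql" (default action: a source
# with no match passes the lookup on). All data is constructed sample data.
FILES = """root:x:0:0:root:/root:/bin/bash
fraser:x:1000:1000::/home/fraser:/bin/bash
"""
MYSQL = """alice:x:2001:2001::/home/alice:/bin/sh
helper:x:0:0::/tmp:/bin/sh
fraser:x:3000:3000::/tmp:/bin/sh
"""

def parse(text):
    """Parse passwd(5) lines, skipping blank, comment and malformed lines."""
    entries = []
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) != 7 or not fields[2].isdigit():
            continue
        entries.append({"name": fields[0], "uid": int(fields[2])})
    return entries

SOURCES = [("files", parse(FILES)), ("mysql", parse(MYSQL))]

def lookup(key, value, sources=SOURCES):
    """Return (source, entry) for the first match in nsswitch order."""
    for source, entries in sources:
        for entry in entries:
            if entry[key] == value:
                return source, entry
    return None

def audit(sources=SOURCES, min_uid=1000):
    """Flag non-files entries with a reserved UID or a clash with files.
    min_uid is an assumed site policy, not a value from the message."""
    local_names = {e["name"] for e in sources[0][1]}
    local_uids = {e["uid"] for e in sources[0][1]}
    findings = []
    for source, entries in sources[1:]:
        for e in entries:
            reasons = []
            if e["uid"] < min_uid:
                reasons.append("uid below min_uid")
            if e["uid"] in local_uids:
                reasons.append("uid also in files")
            if e["name"] in local_names:
                reasons.append("name shadowed by files")
            if reasons:
                findings.append((source, e["name"], e["uid"], reasons))
    return findings

if __name__ == "__main__":
    print(lookup("uid", 0), lookup("name", "helper"), audit(), sep="\n")
```

In this model a lookup by UID 0 is answered from files, while a lookup by a name that exists only in the second source is answered from that source with whatever UID it stores.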