Hello, Have you tried root_squash (export option)?
Regards, Yuan G. Ho On Fri, Aug 27, 2010 at 11:06 AM, Min Wang <ser.ba...@gmail.com> wrote: > Hi Security Gurus: > > I have following set up: > > Multiple Linux PCs use OpenLdap to authenicate, and mount /home to NFS > server > > The goals are: > (1) User have its own root passwd of their own Linux PC, and can do > whatever they want on their own Linux PC > (2) but can not damage any other network resources etc. e.g : rm files on > NFS server. > > The issue is: > > e.g: > on NFS server, there are: /home/user1, /home/user2 etc > user1 has root pw on its own Linux PC1, > user2 has root pw on its own Linux PC2 > > user1 can log in as local root on Linux PC1, > Even though as root, user1 can not rm /home/user2, > but he can su - user2 on Linux PC1 then rm something. > > > Any idea how to do it without give up (1) )? > > > Thanks > > > Sincerely > > Min Wang > > > > > > > > > > > > > > > -- > To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact > listmas...@lists.debian.org > Archive: http://lists.debian.org/4c77e29a.70...@gmail.com > >
