Summary: Securely Offering Home Directory via Linux Clients

From: Ivan Fetch <sunmanagers_at_cs.du.edu>
Date: Fri Oct 11 2002 - 03:51:46 EDT
   First I'd like to thank those who responded:
"Broun, Bevan" <brounb@adi-limited.com>,
John Martinez <john@mtbiker.net>,
"Glass, David (UDB)" <GlassD@bp.com>,
Hendrik Visage <hvisage@is.co.za>,
Martin Hepworth <martinh@solid-state-logic.com>,
William Kupersanin <kuper@glue.umd.edu>,
system administration account <sysadmin@astro.su.se>,
Andrew J Caines <Andrew.J.Caines@wcom.com>,
Jay Lessert <jayl@accelerant.net>,
Paul Greidanus <paul.greidanus@ualberta.ca>,
Sean Quaint <squaint@comcast.net>,
amit <amahajan@santelnet.com>

   My question was...:

> Hello all,
>    I'm pondering the details of offering our home directories (living on
> an E250 server with Solaris 9) to those with Linux PCs in their office.
> As the PC owners will have root access, using NFS does not seem like an option (because
> root may su to any other user).
>    The only idea I have come up with thus far is using smbmount to access
> a user's home directory via samba (which is running to provide Windows
> connectivity to users' home directory).  The Samba password will be
> required to create an smbmount to their home directory, which ideally will
> be disconnected at logout.
>    I recognize that this idea has possibilities as well as klugy pitfalls
> - I'm curious how others have dealt with the problem of integrating Linux
> workstations into the Solaris environment.
>
> I'll summarize of course,
> Thanks -- Ivan.

   I received lots of comments and suggestions.  After some discussion and
thought, we're going to keep the linux clients from mounting any home
directories for the moment, and have users use SSH and X11 forwarding to
the Sun servers if they need to work with their files there.  I'll look
into some of the other suggestions, which are listed below, and possibly end up trying
out AFS or other secure network filesystems:

   * Your security policies are just as important and powerful... (good
point)
   * Use Secure NFS along with NISPlus and AutoFS (this definitely could work, although I'd want to try going LDAP
instead)
   * Try AFS, OpenAFS, InterMezzo, and/or CODA
   * Look at sudo
   * Only mount home directory(ies) on a given Linux box for the primary
user of that box (this would definitely work for users who REALLY want to
access their Sun-based files or take easy advantage of the Sun server
backups)

   Just about everyone cried out against giving root access to the users
(professors and teaching assistants) of the linux boxes.  I very much
agree from the security standpoint, but being a University Computer
Science department, there's a desire for experimenting with Linux kernel
programming and wanting the opportunity to learn more Linux `under the
hood'.


   Thanks all for your feedback,
Ivan.
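
The "primary user only" suggestion in the summary above, sketched as an added example (not part of the original post or any respondent's configuration): a shell function that turns a constructed user-to-workstation map into Solaris `share` lines for /etc/dfs/dfstab, so each Linux box can mount only its owner's home directory. The /export/home path, the user names and the host names are assumptions.

```shell
#!/bin/sh
# Added example: one Solaris share(1M) line per user, so each home
# directory is exported read-write to exactly one Linux workstation.
# Root on that workstation can still su to its owner over AUTH_SYS NFS,
# but no other user's directory is exported to it.

HOME_BASE=/export/home          # assumption: home directory parent

# Constructed sample map: "user workstation" per line.
sample_map() {
    cat <<'EOF'
# user   workstation
alice    ws-alice.example.edu
bob      ws-bob.example.edu
EOF
}

# Read "user host" pairs on stdin, write dfstab lines on stdout.
# Returns non-zero if any entry was rejected.
gen_dfstab() {
    rc=0
    while read -r user host extra; do
        case "$user" in ''|'#'*) continue ;; esac
        ok=1
        # Exactly two fields.
        if [ -z "$host" ] || [ -n "$extra" ]; then ok=0; fi
        # Allowlist: no "/" or "." in the path component.
        case "$user" in *[!a-z0-9_-]*) ok=0 ;; esac
        # No ":", "@" or leading "-": in a share_nfs access list these
        # separate entries, name a network, or negate an entry.
        case "$host" in *[!A-Za-z0-9.-]*|-*) ok=0 ;; esac
        if [ "$ok" -eq 0 ]; then
            echo "rejected entry: $user $host $extra" >&2
            rc=1
            continue
        fi
        printf 'share -F nfs -o rw=%s,nosuid -d "home of %s" %s/%s\n' \
            "$host" "$user" "$HOME_BASE" "$user"
    done
    return "$rc"
}

sample_map | gen_dfstab
```

Solaris maps client root to nobody unless a `root=` option is given, so the generated lines deliberately omit it.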
Received on Fri Oct 11 03:55:18 2002
