[olug] NIS / NFS permissions

Mr Scsi mrscsi at gmail.com
Thu Jan 19 22:53:28 UTC 2006


Thanks for the input. I already brought up the idea of fixing the
permissions and maintaining them with something like this.
However, I have been given the edict to prevent the change.



On 1/19/06, Brian Roberson <roberson at olug.org> wrote:
>
> quick script:
>
>
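> #!/bin/bash
> # Reset any home directory that grants group/other access back to 700
> # and mail the list of directories that were changed.
>
> out=$(mktemp) || exit 1   # private temp file instead of a fixed /tmp name
> # -perm /077 matches if any group/other bit is set (the old "+077"
> # spelling is rejected by current GNU find).
> cd /home && find . -maxdepth 1 -type d -perm /077 -name "*[a-z0-9]*" \
>         -print -exec chmod 700 {} \; > "$out" 2>&1
> if [ -s "$out" ] ; then
>         mail -s "home directory changes..." you@yourdomain.com < "$out"
> fi
> rm -f "$out"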
>
>
> schedule it via cron to run however frequently you like....
>
>
>
>
> > Hopefully someone has a quick answer to this one, as it has become a
> > stumper to me.
> >
> > A bit of background:
> >
> > We are in the process of moving all our *nix boxes to nis as a stop gap
> > measure until our aix systems can handle that new fangled ldap thing.
> >
> > We are also implementing common home directories on a linux instance on
> > 390.
> > My problem is that some of our people work on *sensitive* material and
> > store it in their home directories.
> > I have restricted access to the nfs server, and set all home directories
> > to 700, but I have some *un-cooperative* admins who keep doing:
> >
> > cd /home
> > chmod 775 <MyHomeDir>
> >
> > On the server we are exporting /home with (rw,root_squash,sync), and this
> > previous action leaves that user's home dir readable by anyone. This is
> > unacceptable.
> >
> > Can anyone give me a quick idea on how to Prevent the chmod? I can't just
> > take away chmod, as it's needed for legitimate purposes. SELinux is out,
> > (no one wants to open that can of worms yet).....
> >
> >
> >
> >
> > Andy
> > Marcus. <https://www.redhat.com/training/certification/verify/index.html?rhce_cert_display:certno=807302339005657>
> > _______________________________________________
> > OLUG mailing list
> > OLUG at olug.org
> > http://lists.olug.org/mailman/listinfo/olug
> >
>
>
>
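
Added example, not part of the original posts: a variant of the cron check quoted above that records each directory's previous mode and owner before resetting it, so the report shows how far each home directory had been opened. It assumes GNU find (for `-printf` and `-perm /mode`); the function names `audit_homes` and `demo` and the directory names are made up for illustration.

```shell
#!/bin/bash
# Added example (not from the thread). Requires GNU find.

# audit_homes BASE
# For every directory directly under BASE that grants any group/other
# permission bit, print "old_mode owner path", then reset it to 700.
# -printf runs before -exec, so the mode shown is the one found on disk.
audit_homes() {
    local base=$1
    find "$base" -mindepth 1 -maxdepth 1 -type d -perm /077 \
        -printf '%m %u %p\n' -exec chmod 700 {} \;
}

# Demo on a constructed tree (names and modes are sample data).
demo() {
    local root
    root=$(mktemp -d) || return 1
    mkdir "$root/alice" "$root/bob" "$root/carol" "$root/dave"
    chmod 700 "$root/alice"   # already private: not reported
    chmod 775 "$root/bob"     # the case described in the thread
    chmod 750 "$root/carol"   # group can list and traverse
    chmod 711 "$root/dave"    # traverse only: still matched by /077
    # Report with the temp prefix stripped, ordered by directory name.
    audit_homes "$root" | sed "s|$root/||" | sort -k3
    # Second pass: nothing should still match after the reset.
    find "$root" -mindepth 1 -maxdepth 1 -type d -perm /077
    rm -rf "$root"
}

demo
```

In a cron job, `audit_homes /home` would replace the `find` line and its output would be mailed as before.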


