[olug] NIS / NFS permissions

Brian Roberson roberson at olug.org
Thu Jan 19 22:48:51 UTC 2006


quick script:


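#!/bin/bash

# Report file created with mktemp rather than a fixed, predictable name in /tmp.
out=$(mktemp) || exit 1

# Top-level directories in /home with any group/other permission bit set:
# print each one and reset it to 700. (-perm /077 replaces the obsolete +077.)
cd /home && find . -maxdepth 1 -type d -perm /077 -name "*[a-z0-9]*" \
	-print -exec chmod 700 {} \; > "$out" 2>&1

# Mail the report only if something was changed (or find reported an error).
if [ -s "$out" ] ; then
	mail -s "home directory changes..." you@yourdomain.com < "$out"
fi
rm -f "$out"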


schedule it via cron to run however frequently you like....




> Hopefully someone has a quick answer to this one, as it has become a
> stumper to me.
>
> A bit of background:
>
> We are in the process of moving all our *nix boxes to nis as a stop gap
> measure until our aix systems can handle that new fangled ldap thing.
>
> We are also implementing common home directories on a linux instance on
> 390.
> My problem is that some of our people work on *sensitive* material and
> store it in their home directories.
> I have restricted access to the nfs server, and set all home directories
> to 700, but I have some *un-cooperative* admins who keep doing:
>
> cd /home
> chmod 775 <MyHomeDir>
>
> On the server we are exporting /home with (rw,root_squash,sync), and this
> previous action leaves that user's home dir readable by anyone. This is
> unacceptable.
>
> Can anyone give me a quick idea on how to prevent the chmod? I can't just
> take away chmod, as it's needed for legitimate purposes. SELinux is out
> (no one wants to open that can of worms yet).....
>
>
>
>
> Andy
> Marcus.<https://www.redhat.com/training/certification/verify/index.html?rhce_cert_display:certno=807302339005657>
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> http://lists.olug.org/mailman/listinfo/olug
>
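
An added example, not part of the original post or thread: the same cron-driven check written as a function that also records each directory's previous mode and owner, so the mailed report shows what was opened up before it is reset to 700. The function names `lock_home_dirs` and `demo`, the base-directory argument and the sample directories are assumptions made here; it relies on GNU find (`-perm /077`, `-printf`).

```shell
#!/bin/sh
# lock_home_dirs BASE
# For every directory directly under BASE that grants any group/other
# permission bit, reset it to 700 and print "<old-mode> <owner> <path> -> 700".
# find does not follow symlinks here (-type d without -L), so a link
# placed in BASE cannot redirect the chmod to another location.
lock_home_dirs() {
	[ -d "$1" ] || { echo "no such directory: $1" >&2; return 2; }
	find "$1" -mindepth 1 -maxdepth 1 -type d -perm /077 \
		-printf '%m %u %p\n' |
	while read -r mode owner path; do
		if chmod 700 -- "$path"; then
			printf '%s %s %s -> 700\n' "$mode" "$owner" "$path"
		else
			printf '%s %s %s chmod FAILED\n' "$mode" "$owner" "$path"
		fi
	done
}

# Constructed demo on throwaway directories (not real home directories):
# alice is already 700 and is left alone; bob and carol are reported and fixed.
demo() (
	tmp=$(mktemp -d) || exit 1
	mkdir "$tmp/alice" "$tmp/bob" "$tmp/carol"
	chmod 700 "$tmp/alice"
	chmod 775 "$tmp/bob"
	chmod 750 "$tmp/carol"
	lock_home_dirs "$tmp"
	rm -rf "$tmp"
)

# With an argument, act on that directory (e.g. /home when run from cron);
# with none, run the constructed demo.
if [ "$#" -gt 0 ]; then lock_home_dirs "$1"; else demo; fi
```

Because the old mode and owner are in the output, the report mailed from cron shows which directory was loosened and to what, not only that it was reset.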




