NIS insecurity

[cbc4u]

Hello

We have a linux NIS server with solaris clients, windows 2000 domain with 2000 domain controller, accessing a netapp server mixed platform. The home directories on windows and unix are mapped to a common home directory as follows

unix \netappbox\user1
windows \netapbox\user1\private

I noticed when users on there local sun machines change to
su root (promted for password)
then su user1,
they are not prompted for a password
then they are able to navigate into private directories
of windows

I was wondering if there is a way to correct this on
nis. Or if in NIS plus or perhaps a more secure network
authentication scheme

Thanks Jeff

 

[mikeclark]

Once you let people su to root they have the ability to see the whole filesystem and can su -<username>. If people need superuser access for certain things you should look at using sudo to give them the ability to run the required things as root, but not have the full run of the machine.
Then the root password would only be used by sysadmin people who need total access.

 

[cbc4u]

I guess I thought it was like windows in that
domain administrator is different the local machine
administrator. In this nis authentication really
all someone has to do is gain access to any unix
or linux root password then they have access to all
users on nis network. So the question is is there another
authentication scheme that you can only authenticate
through one server on the network perhaps using nis plus
or configuration of PAM.

Jeff