Yuri Csapo wrote: > After a battle of years, "academic freedom" was invoked and very senior > management, in its infinite wisdom, has decided that our users (mostly > researchers) should have root access (or full sudo, which amounts to the > same thing) to their Linux workstations. > > Does anybody have experience running a Unix/Linux network like this? > > Remember full sudo means the ability to 'sudo su' and become any other > user, making permissions (even across NFS) useless. Don't use NFS with this access model. NFS is designed for the case where the network administrators control all client systems and normal users only have normal (non-root) accounts on those systems. Use CIFS (Samba) instead. Each client connects to the server as a specific user, and only has the access permitted to that user. IOW, NFS has the client perform access checks, CIFS does it on the server. > It also means the > ability to play with/pilfer/replace Kerberos keytabs, allowing one to > impersonate any box to which they have access. The support nightmare > cannot be used as an argument against this because users have convinced > management that "that's what support is for." > > All I can do is control the servers and decide how services will be > presented and which hoops users should go through to be able to use > server resources. Yep. That's hardly an uncommon environment, although it's not the traditional "Unix network". IMHO, it's not an unreasonable administrative decision, but it needs to be borne in mind just how much changes, and how much work the transition will require. > The current environment is basically Kerberos authentication, NIS > authorization and NFS/CUPS services. Most of the clients are owned, > built, maintained and supported by my organization, but some users will > use their new found freedom to build/buy their own boxes. > > The plan is to move away from NIS to LDAP and from NFS to AFS. > > What other problems do people see? Any thoughts and suggestions will be > greatly appreciated. If users have root access, they also have direct control over the networking hardware, so you'll need to think about the underlying network topology. One option is to replace any hubs with switches (with port locking) and maintain physical security on the cables, but it's probably easier to treat the bulk of the network as untrusted and require users to log in to a VPN server. -- Glynn Clements <glynn@xxxxxxxxxxxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe linux-admin" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html