I got a strange security issue. I log on via SSH or local console with my user and get a ticket; then, if local root does su to my user, local root can access my files.

I'm using CentOS 5.3:
kernel-2.6.18-128.2.1.el5
krb5-workstation-1.6.1-31.el5_3.3

SESSION 1:
-----------------------------------------------------------------
$ ssh root@xxxxxxx
root@xxxxxxx's password:
Last login: Wed Aug 26 08:06:49 2009 from X
[root@KSTATION ~]# su carlos.andre
[carlos.andre@KSTATION root]$ klist
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_10000)

Kerberos 4 ticket cache: /tmp/tkt10000
klist: You have no tickets cached
[carlos.andre@KSTATION root]$ cd /misc/home/carlos.andre
bash: cd: /misc/home/carlos.andre: Permission denied
[carlos.andre@KSTATION root]$
-----------------------------------------------------------------
[--OK--]

SESSION 2:
-----------------------------------------------------------------
$ ssh carlos.andre@xxxxxxx
carlos.andre@xxxxxxx's password:
Last login: Wed Aug 26 08:01:33 2009 from X
[carlos.andre@KSTATION ~]$ klist
Ticket cache: FILE:/tmp/krb5cc_10000_PPLMqF
Default principal: carlos.andre@xxxx

Valid starting     Expires            Service principal
08/26/09 08:30:12  08/26/09 18:30:12  krbtgt/X.BR@xxxx
        renew until 08/26/09 08:30:12

Kerberos 4 ticket cache: /tmp/tkt10000
klist: You have no tickets cached
[carlos.andre@KSTATION ~]$ cd /misc/home/carlos.andre
[carlos.andre@KSTATION carlos.andre]$ ls -la
total 8
drwxrwx--- 2 carlos.andre users 4096 Aug 21 09:04 .
drwxr-xr-x 3 root         root     0 Aug 26 08:30 ..
[carlos.andre@KSTATION carlos.andre]$
-----------------------------------------------------------------
[--OK--]

NOW BACK TO SESSION 1:
-----------------------------------------------------------------
[carlos.andre@KSTATION root]$ cd /misc/home/carlos.andre
[carlos.andre@KSTATION carlos.andre]$ ls -la
total 8
drwxrwx--- 2 carlos.andre users 4096 Aug 21 09:04 .
drwxr-xr-x 3 root         root     0 Aug 26 08:30 ..
[carlos.andre@KSTATION carlos.andre]$ klist
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_10000)

Kerberos 4 ticket cache: /tmp/tkt10000
klist: You have no tickets cached
[carlos.andre@KSTATION carlos.andre]$
-----------------------------------------------------------------
[WTF!?!?]

Then, if I log on to someone's machine, will the local root user (after 'su' to my user) have access to my files, like NFS without Kerberos?? Is this behavior "correct" or is it a bug? And even stranger, it's the credentials: root 'su'ed to my user doesn't have credentials, but still has access to my files... Or am I doing something wrong? -_-'

Thanks.
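The behaviour in the three sessions follows from the Kerberized NFS client authorising by UID rather than by login session: rpc.gssd picks any credential cache owned by the UID, and the resulting RPCSEC_GSS context is then cached in the kernel under that UID. The following is an added, simplified model of those two per-UID lookups (constructed illustration, not code from this thread or from the NFS client); the replay uses the UID 10000 and the 08:30:12 to 18:30:12 ticket lifetime from the post, and the cache/expiry rules are assumptions of the model.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class Ccache:
    """A Kerberos credential cache file in /tmp (constructed sample data)."""
    path: str
    owner_uid: int
    expires: datetime


@dataclass
class NfsClientHost:
    """One sec=krb5 NFS client. Both lookups below are keyed by UID only."""
    ccaches: dict = field(default_factory=dict)       # path -> Ccache
    gss_contexts: dict = field(default_factory=dict)  # uid  -> expiry

    def login(self, ccache: Ccache) -> None:
        """Login (pam/kinit) leaves a cache file owned by the user's UID."""
        self.ccaches[ccache.path] = ccache

    def gssd_upcall(self, uid: int, now: datetime) -> bool:
        """Model of rpc.gssd: take any valid cache owned by this UID, whichever
        session created it, and establish a kernel context for the UID."""
        for cc in self.ccaches.values():
            if cc.owner_uid == uid and cc.expires > now:
                self.gss_contexts[uid] = cc.expires
                return True
        return False

    def nfs_access(self, uid: int, now: datetime) -> str:
        """How a process running as uid gets authorised: 'kernel-context'
        (existing per-UID context), 'gssd-scan' (new context) or 'denied'."""
        expiry = self.gss_contexts.get(uid)
        if expiry is not None and expiry > now:
            return "kernel-context"
        if self.gssd_upcall(uid, now):
            return "gssd-scan"
        return "denied"


def replay_thread() -> list:
    """Replay the sessions from the post; uid 10000 is the su'd-to user."""
    host = NfsClientHost()
    t0 = datetime(2009, 8, 26, 8, 30, 12)
    results = []
    # SESSION 1: root su'd to uid 10000, no cache file -> Permission denied
    results.append(host.nfs_access(10000, t0 - timedelta(minutes=5)))
    # SESSION 2: real ssh login creates /tmp/krb5cc_10000_PPLMqF, valid 10h
    host.login(Ccache("/tmp/krb5cc_10000_PPLMqF", 10000, t0 + timedelta(hours=10)))
    results.append(host.nfs_access(10000, t0))
    # BACK TO SESSION 1: same UID on the same host inherits the context
    results.append(host.nfs_access(10000, t0 + timedelta(minutes=1)))
    # Once the ticket expires, both sessions lose access again
    results.append(host.nfs_access(10000, t0 + timedelta(hours=10, minutes=1)))
    return results
```

The model also shows that flushing the kernel context does not change the outcome: as long as a valid cache file owned by the UID exists on the host, the next access re-establishes a context through gssd, so the effective trust boundary is the client host, where root can already become any UID.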