[olug] NIS / NFS permissions

[Christopher Cashell]

At Thu, 19 Jan 06, Unidentified Flying Banana Mr Scsi, said:
> We are also implementing comon home directories on a linux instance on 390.
> My problem is that some of our people work on *sensitive* material and store
> it in their home directories.
> I have restricted access to the nfs server, and set all home directories to
> 700, but I have some *un-cooperative* admins who keep doing:
> 
> cd /home
> chmod 775 <MyHomeDir>

So they are going in and changing the permissions on *other* people's
directories?

Enforcing technical restrictions becomes very difficult when you're
dealing with people who have root/administrative access.  People with
that kind of access should be accountable to corporate policies and
regulations, as opposed to technical measures.

I would suggest that anyone who is changing permissions on home
directories for other people, unless it is done directly at the request
of the person who owns the data, are a very fairly problem.  If there
is an explicit policy in place requiring that they not make changes like
that, and they're still being "un-cooperative" and doing it anyway, then
You have a *very* serious problem.

At most of the places I've worked, activities like the above would be
considered abuse of access, and will get your root/administrative access
revoked.  Repeated abuses like that would be grounds for termination.

> Andy Marcus

-- 
| Christopher
+------------------------------------------------+
| Here I stand.  I can do no other.              |
+------------------------------------------------+