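Linux NIS is actually quite fragile

Introduction:
While testing NIS, I found that as root on a NIS client (nis client->root), switching to any NIS user succeeds without a password, whereas as any other user on the NIS client (nis client->other) a password is required. See the following session: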
Last login: Fri Aug 20 21:53:07 2010
[root@localhost ~]# nisdomainname
china
[root@localhost ~]# tail -n 3 /etc/passwd
gdm:x:42:42::/var/gdm:/sbin/nologin
sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin
localuser:x:503:503::/home/localuser:/bin/bash
[root@localhost ~]# su - test2
su: warning: cannot change directory to /home/test2: No such file or directory
-bash-3.2$ exit
logout
[root@localhost ~]# su - localuser
[localuser@localhost ~]$ su - test2
Password:
su: warning: cannot change directory to /home/test2: No such file or directory
-bash-3.2$ exit
logout
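This shows the behaviour really exists; I don't know whether it counts as a NIS bug. If root is obtained on some host through a vulnerability, won't danger follow right behind? In addition, NIS stores user information in the passwd.by* maps on the server, yet it also includes the passwords (already encrypted), and who can guarantee that these passwords cannot be cracked? As follows: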
[root@localhost ~]# ypwhich -x
Use "ethers" for map "ethers.byname"
Use "aliases" for map "mail.aliases"
Use "services" for map "services.byname"
Use "protocols" for map "protocols.bynumber"
Use "hosts" for map "hosts.byname"
Use "networks" for map "networks.byaddr"
Use "group" for map "group.byname"
Use "passwd" for map "passwd.byname"
[root@localhost ~]# ypcat passwd.byname
test2:$1$ygngWSf4$7ZlhV5zAWIVLkXMDwiWWF.:502:502::/home/test2:/bin/bash
test1:$1$yBTb8lkU$VJCHpO4QSAAdB7qpoItng1:501:501::/home/test1:/bin/bash
test:$1$PkTGj7p.$nYJ44SldL9QZictnTdjME0:500:500::/home/test:/bin/bash

* The behaviour above occurs in a default NIS environment.
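
An added example, not part of the original post: a small audit for passwd-format map output such as the `ypcat passwd.byname` listing above, reporting which accounts have a password hash visible in the map and under which crypt(3) scheme. The function names `audit_passwd_map` and `sample_map` are hypothetical, and the sample accounts and hash strings are constructed placeholders.

```shell
#!/bin/sh
# Audit passwd-format map lines (the format `ypcat passwd.byname` prints) on stdin.
# Reports every account whose second field carries a password hash that any
# client able to read the map can see, and names the crypt(3) scheme.
audit_passwd_map() {
    awk -F: '
        NF < 7 { next }                                  # not a passwd entry
        {
            user = $1; pw = $2
            if (pw == "")                  { print user ": EMPTY password field"; next }
            if (pw == "x" || pw ~ "^[*!]") { next }      # no hash in the map, or locked
            if      (pw ~ "^[$]1[$]")  scheme = "md5-crypt"
            else if (pw ~ "^[$]5[$]")  scheme = "sha256-crypt"
            else if (pw ~ "^[$]6[$]")  scheme = "sha512-crypt"
            else if (length(pw) == 13 && pw ~ "^[./0-9A-Za-z]+$") scheme = "des-crypt"
            else                           scheme = "unknown"
            print user ": hash exposed (" scheme ")"
        }'
}

# Constructed sample map; the hash strings are placeholders, not real hashes.
sample_map() {
    cat <<'EOF'
alice:$1$CONSTRUC$PLACEHOLDERnotARealHash:1001:1001::/home/alice:/bin/bash
bob:$6$CONSTRUC$PLACEHOLDERnotARealHash:1002:1002::/home/bob:/bin/bash
carol:x:1003:1003::/home/carol:/bin/bash
dave:CONSTRUCTED.x:1004:1004::/home/dave:/bin/bash
erin:!!:1005:1005::/home/erin:/sbin/nologin
EOF
}

# Stand-alone run on the constructed sample.
sample_map | audit_passwd_map
```

On a NIS client the same function can read the real map with `ypcat passwd.byname | audit_passwd_map`.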














This article is reposted from hackfreer's 51CTO blog. Original link: http://blog.51cto.com/pnig0s1992/425418. To republish it, please contact the original author yourself.
