I am currently managing a network of workstations running different flavours of Ubuntu. The server (also Ubuntu) runs a NIS
server and exports a shared /home
directory over NFS
(in v3 compatibility mode). Workstations are configured to mount server:/home
to /home
using static fstab
entries. Users can log-in from any workstation to their account while their /home/xxx
directory is always accessible (Quite old-school).
The problem (one out of many of course) with the current setup is, users can see the whole /home
. If users are not careful with file permissions in their home directories, their data can be accessed by other users.
I need advice on how to improve/upgrade the system, preferably with minimal change to the current setup.
Best Answer
Simple solution i use at work working well and no security problem so far: autofs You can find a lot of information about 'autofs' on the Net easily.
Make sure each user folder are 'chmod 700' and owned by them.
:-)
Here is a quick sample of the config i use:
Start NFS home directory automount:
Now, on the NIS client, set up automount to handle /home. In /etc/auto.master:
/home /etc/auto.home
And create /etc/auto.home with these contents:
* rw,sync hostname.of.nfs.server:/home/&
Then restart autofs, and make sure it starts at boot:
Configuration of NIS is another subject.