Roaming User Profiles

Neal Lippman nl at
Fri Jun 21 00:01:45 BST 2002

On Thursday 20 June 2002 01:59, Thomas L. Bevan wrote:
> Joan,
> People have already mentioned NFS, the network file system.
> This allows files and directories to be accessed on remote
> machines completely transparently as if they were local.
> The users will notice no difference.
> Typically, all the user and company data should be stored on one
> file server ( just a specially configured Linux box ) and the terminals
> would mount the user directories at boot.
> This is good not just for roaming profiles but also because it
> facilitates backingup et al. There are no security problems here that I
> know of if set up correctly.

	I am not sure that this is entirely correct. If you were to export, for 
instance, an entire /home partition on your nfs share, which contains subdirs 
for /home/<user>, then anyone who has root access on any machine that is 
allowed to mount that nfs export can access anyone's files. All they need to 
do is su to root on a workstation, then su to any uid that they want, and 
they can access any files on the nfs share that are owned by that uid. That's 
because nfs servers basically trust the client to "tell the truth" as to who 
is requesting access - but if you have root on a workstation, you can pretend 
to be anyone you want.

	I haven't been able to find any obvious way around this security hole - I'd 
be interested in comments from someone on how to do this.

This message is from the kde mailing list.
Account management:
More info:

More information about the kde mailing list