Roaming User Profiles
nl at lippman.org
Fri Jun 21 01:59:43 BST 2002
> I didn't mean to suggest that 'security by obscurity' was a valid aproach,
> but in the context of a home LAN like mine it's sufficient because I know
> that the other users don't know a shell script from a dll. That's why my
> /etc/export looks in part like this:
> /home/dylan 192....2/32 rw,no_all_squash
> /home/dylan 192...0/24 ro,all_squash
Yes, I do agree with this. I use the same scheme at home for my LAN also,
where /home is exported rw,root_squash to 192.168.0.0/24. I also rely in the
fact that a) it is highly unlikely that someone will break into my house just
to plug into my LAN to look at my files, and b) I am the only one who knows
the root passwords to any of my boxes, and c) those using Win98 systems (wife
and kids) are subject to samba's security, which actually works better here
than does NFS - since there is no way, once logged in to a win98 machine, to
pretend to be someone else since samba requires the password to be
transmitted to connect to its shares.
I was commented more in the context of a larger LAN at a school or business,
for instance, where the good intentions of every user is not always a
> It seemed to me that the original query implied someone wanted or needed to
> log in to two workstations regularly. If you need to show someone a file,
> or refer to it then the group or other permissions in rw(x)r--r-- would let
> you read the file from someone elses login. If it's a case of email
> collection - get off your lazy butt and go to you desk. Better still, don't
> leave your machine logged in with a screensaver!
I'm not lazy - but sometimes I AM down in the basement helping my wife with
something on her computer, and I need some info from my own files, which
means either climbing up to my office or logging in from her computer.
Computers are _supposed_ to make things convenient - so the LAN should
deliver the data to me, not make me go to the data. This also comes up a lot
at work, where I regularly have to go from one building to another, and it's
convenient to access my mail from whichever site I am at.
This message is from the kde mailing list.
Account management: http://mail.kde.org/mailman/listinfo/kde.
More info: http://www.kde.org/faq.html.
More information about the kde