andersk / nss_nonlocal.git / blame
| Commit | Line | Data |
|---|---|---|
| f6903667 AK |
1 | This is nss_nonlocal, an nsswitch module that acts as a proxy for other |
| 2 | nsswitch modules like hesiod, but prevents non-local users from | |
| 3 | potentially gaining local privileges by spoofing local UIDs and GIDs. | |
| 4 | ||
| 5 | To use it, configure /etc/nsswitch.conf as follows: | |
| 6 | ||
| 7 | passwd: compat nonlocal | |
| 8 | passwd_nonlocal: hesiod | |
| 9 | group: compat nonlocal | |
| 10 | group_nonlocal: hesiod | |
| 96a1ee0f | 11 | |
| 6ca16423 AK |
12 | The module also assigns special properties to two local groups, if |
| 13 | they exist: | |
| 14 | ||
| 15 | • If the local group ‘nss-nonlocal-users’ exists, then nonlocal users | |
| 16 | will be automatically added to it. | |
| 17 | ||
| 18 | • If the local group ‘nss-local-users’ exists, then local users will | |
| 19 | be automatically added to it. | |
| 20 | ||
| 96a1ee0f AK |
21 | Copyright © 2007–2010 Anders Kaseorg <andersk@mit.edu> and Tim Abbott |
| 22 | <tabbott@mit.edu> | |
| 23 | ||
| 24 | nss_nonlocal is free software; you can redistribute it and/or modify | |
| 25 | it under the terms of the GNU Lesser General Public License as | |
| 26 | published by the Free Software Foundation; either version 2.1 of the | |
| 27 | License, or (at your option) any later version. | |
| 28 | ||
| 29 | nss_nonlocal is distributed in the hope that it will be useful, but | |
| 30 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 31 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
| 32 | Lesser General Public License for more details. | |
| 33 | ||
| 34 | You should have received a copy of the GNU Lesser General Public | |
| 35 | License along with nss_nonlocal; if not, write to the Free Software | |
| 36 | Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA | |
| 37 | 02110-1301 USA |