]>
Commit | Line | Data |
---|---|---|
f6903667 AK |
1 | This is nss_nonlocal, an nsswitch module that acts as a proxy for other |
2 | nsswitch modules like hesiod, but prevents non-local users from | |
3 | potentially gaining local privileges by spoofing local UIDs and GIDs. | |
4 | ||
5 | To use it, configure /etc/nsswitch.conf as follows: | |
6 | ||
7 | passwd: compat nonlocal | |
8 | passwd_nonlocal: hesiod | |
9 | group: compat nonlocal | |
10 | group_nonlocal: hesiod | |
96a1ee0f | 11 | |
6ca16423 AK |
12 | The module also assigns special properties to two local groups, if |
13 | they exist: | |
14 | ||
15 | • If the local group ‘nss-nonlocal-users’ exists, then nonlocal users | |
16 | will be automatically added to it. | |
17 | ||
18 | • If the local group ‘nss-local-users’ exists, then local users will | |
19 | be automatically added to it. | |
20 | ||
96a1ee0f AK |
21 | Copyright © 2007–2010 Anders Kaseorg <andersk@mit.edu> and Tim Abbott |
22 | <tabbott@mit.edu> | |
23 | ||
24 | nss_nonlocal is free software; you can redistribute it and/or modify | |
25 | it under the terms of the GNU Lesser General Public License as | |
26 | published by the Free Software Foundation; either version 2.1 of the | |
27 | License, or (at your option) any later version. | |
28 | ||
29 | nss_nonlocal is distributed in the hope that it will be useful, but | |
30 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
31 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
32 | Lesser General Public License for more details. | |
33 | ||
34 | You should have received a copy of the GNU Lesser General Public | |
35 | License along with nss_nonlocal; if not, write to the Free Software | |
36 | Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA | |
37 | 02110-1301 USA |