search for: rougu

...he sys_unlink() succeeds. For the security paranoid: all system files/directories should be owned by some user with no login account: 'adm' or 'system' might be a good choice. Thus, any legitimate (capable) instance of the superuser can still maintain/manipulate the system, but any rougue daemon (hobbled with a wrapper like execcap, but running as root because of a need for a restricted number of capabilities) cannot start replacing system libraries etc. [There is a small book called Secure Unix by Samuel Samalin which goes into this sort of thing. It gives a broarder perspective...

We are currently using samba and openLDAP to enable our users to have roaming profiles on our domain network. We have one primary domain controller and 7 "home servers" at the various locations that serve the profiles and such. The problem is that randomly various users are unable to load their profile and windows just gives them a temporary profile. This mostly happens on vista