NRM grants root access to LUM enabled eDirectory admins

  • 3857626
  • 19-Jul-2006
  • 27-Apr-2012


Novell eDirectory 8.8 for All Platforms
Novell eDirectory 8.7.3 for All Platforms
Novell Remote Manager
Novell Open Enterprise Server (Linux based)


The default behavior of Novell Remote Manager allows users with supervisor rights to the LUM workstation objects to login to Novell Remote Manager and gain root access to the Linux file system.

For purposes of this document an eDirectory administrator account is a user given supervisor rights in the eDirectory tree.

There are configuration options for Novell Remote Manager to limit certain kinds of users from logging into Novell Remote Manager but no options to allow granular definition of which eDirectory administration accounts can get root access.  See the documentation for Novell Remote Manager configuration options.


Any approach to rights assignments in eDirectory which will restrict supervisor access to the LUM workstation objects will prevent undesired root access for eDirectory administration accounts.


Assign supervisor rights to eDirectory administration accounts only in specific containers.


Place LUM workstation objects in a container were supervisor rights are restricted.

To check rights of users to LUM workstation objects:
Choose Rights | View Effective Rights
Enter the user account to be checked
Browse to the LUM workstation object to be checked in the Object Name field
Effective rights for the user for each Property selected will be displayed in the Effective rights window.


Security Alert

Change Log

2012-02-07 - Jan Kalcic - Fixed wrong syntax (double http://) in the link to the documentation