30.9 Protecting Modules Responsible for Security Equivalence Vectors

The Linux modules in user space that are responsible for providing Security Equivalence Vectors for NSS users can be replaced without the kernel module being aware of it. Make sure that the directory /opt/novell/nss/sbin/ and the files involved (ndpapp and idbrokerd) can only be modified by the root user. For example, make root the owner and set permissions to restrict access for Group and Other users.