NFS

der.hans plug-discuss@lists.PLUG.phoenix.az.us
Sun, 6 May 2001 23:49:24 -0700 (MST)


On 06 May 2001, Craig White chattered thus:

> and then cd to /home/barney I see all of the folders in barney:/home but
> most of them report 0 items when I cd into a folder and ls. I presume that
> the problem has to do with the fact that I am root on my host machine but
> not really root on the remote machine. How can I mount exported systems as
> though I am root?

Do you need root access? Without the no_root_squash option Kevin suggested
root becomes nobody on the remote machine[1].

Watch your UIDs for users if you use nfs. nfs doesn't care about username
(neither do rservices such as rsh[2]) and uses UID.

username   local UID   remote UID
anke       300         400
fred       500         300
georg      600         500

Anke would have access to Fred's files on the remote box and Fred would be
able to abuse Georg's files on the remote machine.

Only use no_root_squash if you really need it. Does root on the local box
really need to have file access as root for files on the remote box?

ciao,

der.hans

[1] This is why web daemons shouldn't run as nobody. User overloading is a
security problem, e.g. if one protocol/daemon gets cracked you don't want
the cracker to have perms on the data from the other as well.

[2] Another reason to run ssh as it behaves like us humans would think :),
e.g. keys on the username, not the UID.

-- 
# der.hans@LuftHans.com home.pages.de/~lufthans/ www.Aligo.com
#  I've got a photographic memory,
#  but I'm lousy photographer. - der.hans
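
Added example (not part of the original post): a small audit that compares passwd data from an NFS client and server and reports which local accounts would act as a different account on the server, using the UID table from the message. The passwd contents, function names and status labels are constructed for illustration.

```python
# Added example: audit UID mapping between an NFS client and server.
# Sample passwd data is constructed to match the table in the post.
LOCAL_PASSWD = """\
root:x:0:0::/root:/bin/sh
anke:x:300:300::/home/anke:/bin/sh
fred:x:500:500::/home/fred:/bin/sh
georg:x:600:600::/home/georg:/bin/sh
"""
REMOTE_PASSWD = """\
root:x:0:0::/root:/bin/sh
fred:x:300:300::/home/fred:/bin/sh
anke:x:400:400::/home/anke:/bin/sh
georg:x:500:500::/home/georg:/bin/sh
"""


def parse_passwd(text):
    """Return {username: uid} from passwd(5)-format text."""
    users = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        # Skip blanks, comments and malformed or NIS (+/-) entries.
        if len(fields) < 3 or line.startswith(("#", "+", "-")) or not fields[2].isdigit():
            continue
        users[fields[0]] = int(fields[2])
    return users


def audit(local_text, remote_text, root_squash=True):
    """Return (local_user, uid, status, remote_owners) for each local account."""
    local, remote = parse_passwd(local_text), parse_passwd(remote_text)
    by_uid = {}
    for name, uid in remote.items():
        by_uid.setdefault(uid, []).append(name)
    findings = []
    for name, uid in sorted(local.items(), key=lambda kv: kv[1]):
        owners = sorted(by_uid.get(uid, []))
        if uid == 0 and root_squash:
            status, owners = "squashed", []   # server maps root to its anonymous user
        elif not owners:
            status = "unmapped"               # no server account has this UID
        elif owners == [name]:
            status = "ok"
        else:
            status = "collision"              # acts as a different server account
        findings.append((name, uid, status, owners))
    return findings


if __name__ == "__main__":
    for name, uid, status, owners in audit(LOCAL_PASSWD, REMOTE_PASSWD):
        print(f"{name:8} uid={uid:<5} {status:10} {', '.join(owners)}")
```

Passing `root_squash=False` models an export with no_root_squash, in which case local root is matched against the server's UID 0 like any other account.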