Re: NFS replacements for Linux
From: Dan Pritts (danno_at_umich.edu)
Date: Tue, 28 Oct 2003 10:18:54 -0500
To: Robert Campbell <firstname.lastname@example.org>
On Mon, Oct 27, 2003 at 04:53:54PM -0500, Robert Campbell wrote:
> On 2003-10-24 12:51 you wrote:
> > Well NFSv3 gives IP based security. It depends upon the client to
> > authenticate users. If user A should get root access on a system
> > (IP) which can access NFS mountable home directories, he can very easily
> > access user B's private information without knowing user B's password.
> What if the host containing the NFS mountable home directories exports
> those directories with the 'root_squash' directive (the default, on
> Debian systems at least)? In this case the root user is mapped to the
> 'nobody' user on the exporting host. Therefore user 'root' on machine A
> should only be able to access what user 'nobody' on machine B could access.
root on the client can su to any userid, and therefore read/write any
non-root user's files.
-- dan pritts email@example.com 734 996 0169
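
The exchange above, modelled as an added example that is not part of the original thread: a small Python model of how a server maps the uid/gid a client sends with AUTH_SYS under the `root_squash`, `no_root_squash` and `all_squash` export options. The class and function names, the anonymous id 65534 and the sample file owned by uid 1002 are assumptions made for the illustration.

```python
# Constructed model of an NFSv3 server's AUTH_SYS credential mapping.
# Not code from any NFS implementation; uids and modes are sample values.
import stat
from dataclasses import dataclass

@dataclass(frozen=True)
class Export:
    root_squash: bool = True   # exports(5) default
    all_squash: bool = False
    anonuid: int = 65534       # assumed id of 'nobody'
    anongid: int = 65534

@dataclass(frozen=True)
class FileAttr:
    uid: int
    gid: int
    mode: int

def effective_cred(export, claimed_uid, claimed_gid):
    """Map the uid/gid the client put in the RPC call; nothing verifies them."""
    if export.all_squash:
        return export.anonuid, export.anongid
    if export.root_squash:
        uid = export.anonuid if claimed_uid == 0 else claimed_uid
        gid = export.anongid if claimed_gid == 0 else claimed_gid
        return uid, gid
    return claimed_uid, claimed_gid

def can_read(export, f, claimed_uid, claimed_gid):
    """Plain owner/group/other read check on the mapped credential."""
    uid, gid = effective_cred(export, claimed_uid, claimed_gid)
    if uid == 0:
        return True
    if uid == f.uid:
        return bool(f.mode & stat.S_IRUSR)
    if gid == f.gid:
        return bool(f.mode & stat.S_IRGRP)
    return bool(f.mode & stat.S_IROTH)

def demo():
    user_b_file = FileAttr(uid=1002, gid=1002, mode=0o600)  # constructed
    return {
        "root_squash, client sends uid 0": can_read(Export(), user_b_file, 0, 0),
        "root_squash, client sends uid 1002": can_read(Export(), user_b_file, 1002, 1002),
        "no_root_squash, client sends uid 0": can_read(Export(root_squash=False), user_b_file, 0, 0),
        "all_squash, client sends uid 1002": can_read(Export(all_squash=True), user_b_file, 1002, 1002),
    }

if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'read allowed' if allowed else 'denied'}")
```

In this model `all_squash` denies the read only because every caller becomes the same anonymous user, so it does not preserve per-user ownership of home directories.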