Re: NFS replacements for Linux

From: Dan Pritts (danno_at_umich.edu)
Date: 10/28/03

  • Next message: Gabriel - Iulian Dumbrava: "Re: AntiVirus for Red Hat 9?"
    Date: Tue, 28 Oct 2003 10:18:54 -0500
    To: Robert Campbell <rlc1@post.queensu.ca>
    
    

    On Mon, Oct 27, 2003 at 04:53:54PM -0500, Robert Campbell wrote:
    > On 2003-10-24 12:51 you wrote:
    > > Well NFSv3 gives IP based security. It depends upon the client to
    > > authenticate users. If user A should get root access on a system
    > > (IP) which can access NFS mountable home directories, he can very easily
    > > access user B's private information without knowing user B's password.
    >
    > What if the host containing the NFS mountable home directories exports
    > those directories with the 'root_squash' directive (the default, on
    > Debian systems at least). In this case the root user is mapped to the
    > 'nobody' user on the exporting host. Therefore user 'root' on machine A
    > should only be able access what user 'nobody' on machine B could access.

    root on the client can su to any userid, and therefore read/write any
    non-root user's files.

    danno

    --
    dan pritts
    danno@umich.edu
    734 996 0169
    

  • Next message: Gabriel - Iulian Dumbrava: "Re: AntiVirus for Red Hat 9?"