Re: NFS replacements for Linux
From: Dan Pritts (danno_at_umich.edu)
Date: 10/28/03
- Previous message: Devdas Bhagat: "Re: AntiVirus for Red Hat 9?"
- In reply to: Robert Campbell: "Re: NFS replacements for Linux"
- Next in thread: Chuck Wolber: "Re: NFS replacements for Linux"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 28 Oct 2003 10:18:54 -0500 To: Robert Campbell <rlc1@post.queensu.ca>
On Mon, Oct 27, 2003 at 04:53:54PM -0500, Robert Campbell wrote:
> On 2003-10-24 12:51 you wrote:
> > Well NFSv3 gives IP based security. It depends upon the client to
> > authenticate users. If user A should get root access on a system
> > (IP) which can access NFS mountable home directories, he can very easily
> > access user B's private information without knowing user B's password.
>
> What if the host containing the NFS mountable home directories exports
> those directories with the 'root_squash' directive (the default, on
> Debian systems at least). In this case the root user is mapped to the
> 'nobody' user on the exporting host. Therefore user 'root' on machine A
> should only be able access what user 'nobody' on machine B could access.
root on the client can su to any userid, and therefore read/write any
non-root user's files.
danno
-- dan pritts danno@umich.edu 734 996 0169
- Previous message: Devdas Bhagat: "Re: AntiVirus for Red Hat 9?"
- In reply to: Robert Campbell: "Re: NFS replacements for Linux"
- Next in thread: Chuck Wolber: "Re: NFS replacements for Linux"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
