Re: NFS Security Question

From: Chuck Davis (ckd3@dca.net)
Date: 08/13/01 

Message-ID: <000b01c12435$760dff60$0701a8c0@library>
From: "Chuck Davis" <ckd3@dca.net>
To: "McGee Olson" <molson@crystal.cirrus.com>, <focus-sun@securityfocus.com>
Subject: Re: NFS Security Question
Date: Mon, 13 Aug 2001 16:20:56 -0400

Can't do that the way you explained. You might want to try giving sudo
access and restrict permissions from there. No matter how you slice it,
root is root and root can do anything.

Chuck
----- Original Message -----
From: "McGee Olson" <molson@crystal.cirrus.com>
To: <focus-sun@securityfocus.com>
Cc: <jcwang@mail.utexas.edu>
Sent: Monday, August 13, 2001 1:06 PM
Subject: NFS Security Question

> Hello,
>
> I have been looking for information on securing NFS with respect to root
su
> abilities. I have read the NFS FAQ at nfs.sourceforge.net and am not
entirely
> sure of what they said.
>
> Here is an example of what I am trying to figure out:
>
> 1) You have an NIS server providing logins & passwords
> 2) You have an NFS server which houses user directories
> 3) Each workstation authenticates via NIS
> 4) Each workstation mounts the home directories via NFS
>
> So, the scenario goes like this. You have two users "joe" and "bob".
> You have two machines "foo" and "bar". "foo" and "bar" both satisfy
> (3) and (4) above, and each has a different root password. "joe" has
> root on "foo", and "bob" has root on "bar". "joe" logs in as root on
> "foo", and then he executes the line "su - bob". Now, "joe" is logged
> in as "bob" and has all the permissions associated with the "bob"
> account.
>
> Is there anyway to stop this from happening?
>
> Thanks,
> McGee
>
> --
> McGee Olson
> System Administrator, CAD Systems
> Cirrus Logic - Austin
>
>

Relevant Pages

  • NFS Security Question
    ... Subject: NFS Security Question ... I have been looking for information on securing NFS with respect to root su ... in as "bob" and has all the permissions associated with the "bob" ...
    (Focus-SUN)
  • Re: block root access to NFS mount
    ... I need to give root access to an NFS client host machine, ... Often this also means that root may not even access the nfs filesystem ...
    (Fedora)
  • Re: Problem setting up NFS on Ubuntu
    ... I have installed Ubuntu ... > I used System - Administration - Synaptic Package Manager to include NFS ... Should I be using the GUI, and if so, how do I do that as root, ... and doesn't change the permissions displayed by ls -l ...
    (comp.os.linux.setup)
  • Re: Tools for FreeBSD development
    ... Most typically, the setup involves a central development server running -STABLE, with a private network link to a series of crash boxes. ... The development server NFS exports a file system to use as an NFS root and for file sharing, as well as running tftp and dhcp servers. ... Each test system has its own exported root, so I can use individual loader.conf's to tell test systems to boot off NFS, boot off local disks, etc. ...
    (freebsd-hackers)
  • Re: Tools for FreeBSD development
    ... Most typically, the setup involves a central development server running -STABLE, with a private network link to a series of crash boxes. ... The development server NFS exports a file system to use as an NFS root and for file sharing, as well as running tftp and dhcp servers. ... Each test system has its own exported root, so I can use individual loader.conf's to tell test systems to boot off NFS, boot off local disks, etc. ...
    (freebsd-questions)