Re: NFS Security Question

From: Armin Safarians (armin.safarians@safeway.com)
Date: 08/15/01 

Message-ID: <3B7A83D8.5B3DA620@safeway.com>
Date: Wed, 15 Aug 2001 07:14:49 -0700
From: "Armin Safarians" <armin.safarians@safeway.com>
To: "Rich Teer" <richard.teer@rite-group.com>
Subject: Re: NFS Security Question

Of course, however you can always su to bob and get permission to his sensitive
data. There is no need to have root on the mount in this case to accomplish the
bad dead. As mentioned in a few threads back, the only was that is reasonable to
implement is to use secure NFS. Some thing more that the standard unix
authentication.

AMS :-)

Rich Teer wrote:

> On Tue, 14 Aug 2001, Ryan Russell wrote:
>
> > Anyway... All I have to do is invite Bob to log into my box, and his drive
> > mounts automatically, and I CD to it, because I'm root, yes?
>
> By default, root's UID gets mapped to nobody for NFS mounts, so if
> Bob's directory doesn't permit access to others, you still won't be
> allowed to cd to it, even though you're root.
>
> --
> Rich Teer
>
> President,
> Rite Online Inc.
>
> Voice: +1 (250) 979-1638
> URL: http://www.rite-online.net 

--
*******
RISK
In the pursuit of a dream, the best path will often
span the deepest ravine
*******

"WorldSecure Server <safeway.com>" made the following
 annotations on 08/15/01 08:15:02
------------------------------------------------------------------------------
Warning: 
All e-mail sent to this address will be received by the Safeway corporate e-mail system, and is subject to archival and review by someone other than the recipient.  This e-mail may contain information proprietary to Safeway and is intended only for the use of the intended recipient(s).  If the reader of this message is not the intended recipient(s), you are notified that you have received this message in error and that any review, dissemination, distribution or copying of this message is strictly prohibited.  If you have received this message in error, please notify the sender immediately. 
  

==============================================================================

Relevant Pages

  • Re: NFS Security Question
    ... Subject: NFS Security Question ... >If I'm sitting in front of my desktop Sparc, I can always get root. ... you "su -c bob" as root you didn't get bob's Secure RPC key or Kerberos ...
    (Focus-SUN)
  • Re: md device backing files on nfs mounts?
    ... >> How do you get the NFS mount before you have a root? ... > Just the jails would be on md devices on the nfs mounted filesystem. ... > Ie, main computer boots normally, mounts nfs filesystem, then mounts ...
    (freebsd-questions)
  • initrd does not boot in 2.6.3, working in 2.4.25
    ... that is, it unpacks image.gz into ramdisk #0, mounts it, ... mounts devfs on /dev and execs /linuxrc.nfs.vda. ... complains about NFS server. ... VFS: Mounted root ...
    (Linux-Kernel)
  • Strange interaction between dump and NFS
    ... and, indeed, showmout shows that the root isn't exported and NFS ... mounts of the exported root filesystem stop working. ... What happens at 3:11 AM is that dump starts running on the root file ...
    (freebsd-questions)
  • Re: NFS Security Question
    ... Subject: NFS Security Question ... >> and su to bob to cd into his directory if its available to this machine. ... > that, of course, I get to play all the tricks that root can play. ... NFS protocol (NFS requests will claim to be that uid). ...
    (Focus-SUN)