[NBLUG/talk] Time to RTFM, but which FM? -- Mounting home directories via nfs
Mark Street
jet at sonic.net
Wed Aug 27 15:42:00 PDT 2003
I am not an NFS guru, but if the server is sharing an NFS share on an internal
network with the no_root_squash option then any "root" users from the
net/host/IP range that have been shared to will have root privs on that
share, just as if it were part of their own filesystem. If you are the only
root user on the network, no biggie... but if a machine comes/roams into the
network and its user has root access on the box, boom... he may own it too,
depending on how you have the share configured. Hence... Eric's evil remark.

You can export the share so that everyone gets squashed to a nobody or
nfsnobody on some systems. It's all in the export...

no_root_squash... evil

I think he had it right the first time. Don't share it with a no_root_squash.
ssh as a normal user and su to root on the NFS server, do your work and leave.

On Wednesday 27 August 2003 15:22, Jeremy Turner wrote:
> On Wed, 2003-08-27 at 11:44, Doug Palmer wrote:
> > OK, I have /home exported from the big server and nfs mounted on the
> > workstations. Seems to be OK for my user accounts, but local root gets
> > permission denied for any action on the nfs mounted files. What did I
> > miss?
>
> When the root user accesses an exported NFS filesystem, it actually runs
> as the user nobody. The no_root_squash option (as Eric mentioned) will
> make it work, but if some evil computer is able to look like the NFS
> client computer (IP or hostname or whatever), then it will be allowed root
> access on the no_root_squash export. (someone correct me if I'm wrong).
>
> Maybe some other NFS guru can fill us in on the answer.
--
Mark Street, D.C.
Red Hat Certified Engineer
Cert# 807302251406074
--
Key fingerprint = 3949 39E4 6317 7C3C 023E 2B1F 6FB3 06E7 D109 56C0
GPG key http://www.streetchiro.com/pubkey.asc
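
Added example, not part of the original message: a small Python audit that parses Linux exports(5) syntax and lists every export/client pair where remote root is not squashed, which is the condition the thread warns about. The sample exports content, host names and networks are constructed for illustration; quoted paths containing spaces are not handled.

```python
import re

# Constructed sample /etc/exports (hosts and networks are made up for this example).
SAMPLE_EXPORTS = r"""
# home directories for the workstations
/home      192.168.1.0/24(rw,sync,no_root_squash)
/srv/pub   *(ro,all_squash)
/srv/build buildhost(rw,sync) \
           10.0.0.0/8(rw,no_root_squash)
/scratch   -rw,no_root_squash ws1 ws2(root_squash)
"""

CLIENT_RE = re.compile(r"([^\s()]*)(?:\(([^)]*)\))?")  # client(opt,opt)

def parse_exports(text):
    """Yield (path, client, options) for each client on each export line."""
    joined = re.sub(r"\\\n", " ", text)        # join backslash continuations
    for line in joined.splitlines():
        line = line.split("#", 1)[0].strip()    # drop comments
        if not line:
            continue
        path, *fields = line.split()
        defaults = []
        for field in fields:
            if field.startswith("-"):           # "-opt,opt": defaults for the line
                defaults = field[1:].split(",")
                continue
            m = CLIENT_RE.fullmatch(field)
            if not m:                           # malformed field: skip it
                continue
            client, opts = m.groups()
            yield path, client or "*", defaults + (opts.split(",") if opts else [])

def root_trusted(options):
    """True if remote root keeps uid 0; default is root_squash, last option wins."""
    trusted = False
    for opt in options:
        if opt in ("root_squash", "no_root_squash"):
            trusted = opt == "no_root_squash"
    return trusted

def audit(text):
    """Return (path, client) pairs whose root user is not squashed."""
    return [(p, c) for p, c, o in parse_exports(text) if root_trusted(o)]

if __name__ == "__main__":
    for path, client in audit(SAMPLE_EXPORTS):
        print(f"{path}: root on {client} is root here (no_root_squash)")
```

To check a real server, pass the contents of its /etc/exports to audit() instead of the sample.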