greg@cityzoo.acs.umbc.edu (Greg Sylvain,Lib 007,3929,4376834) (03/22/90)
Does anyone out there have a patch for nfs that allows root to "be"
root over an nfs mount. (i.e. to allow root to access a file that, on the
remote machine, has permissions only for the owner of the file in question.
[0700])

I know there was a lot of discussion on this topic earlier in the year, did
anything come of it? And better yet, is it fixed in 7.0?

I'm running 6.5 hp-ux on a hp9000s300 model 340.

Thanks for any info,
greg

Greg Sylvain
Academic Computing Services
Systems Programmer
UUCP: ...!{uunet}!umbc3!greg
Internet (Arpa) : greg@umbc3.umbc.edu
BITNET : GREGS@UMBC

milburn@me10.lbl.gov (John Milburn) (03/22/90)
In article <3008@umbc3.UMBC.EDU> greg@umbc3.umbc.edu (Greg Sylvain,Lib 007,3929,4376834) writes:
>
> Does anyone out there have a patch for nfs that allows root to "be"
>root over an nfs mount. (i.e. to allow root to access a file that, on the
>remote machine, has permissions only for the owner of the file in question.
>[0700])

From last summer:

-----------------------------------------------
From: vic@zen.co.uk (Victor Gavin)
Newsgroups: comp.sys.hp
Subject: Re: Backup over net (Was Re: NFS Super users?)
Date: 19 Jul 89 10:47:44 GMT
Organization: Zengrange Limited, Leeds, England

[...]

This is where the changing of the kernel's map of UID 0 to nobody becomes
useful. To do this just

    adb -w /hp-ux
    nobody ?W 0
    $q

The problem is that now root on any machine can access all the files on the
machine that uses this kernel. Of course this b*ggers up security no end.

What the newer versions of NFS allow, is for you to specify when you export a
file system, which machines can have root access to that file system

eg On our Sun machine we have this line to allow our 840 to back up its /
directory

    / -access=zen:zenvec,root=zen

(-access specifies which machines can access the file system and -root says
which machines have root capability on that file system)

        vic
--
Victor Gavin                    Zengrange Limited
vic@zen.co.uk                   Greenfield Road
..!mcvax!ukc!zen.co.uk!vic      Leeds England
+44 532 489048                  LS9 8DB
--------------------------------------------------

-jem

JEMilburn@lbl.gov
...!ucbvax!lbl.gov!JEMilburn

nick@bischeops.UUCP (Nick Bender) (04/12/90)
In article <PS.90Apr2132224@sparrow.tut.fi>, ps@tut.fi (Pertti Suomela) writes:
> In article <5178@helios.ee.lbl.gov> milburn@me10.lbl.gov (John Milburn) writes:
> > In article <3008@umbc3.UMBC.EDU> greg@umbc3.umbc.edu (Greg Sylvain,Lib 007,3929,4376834) writes:
> > >
> > > Does anyone out there have a patch for nfs that allows root to "be"
> > >root over an nfs mount.
>
> [ kernel patch rm'ed ]
>
> > The problem is that now root on any machine can access all the files on the
> > machine that uses this kernel. Of course this b*ggers up security no end.
>
> Meaning that each and every PC (with NFS) in the net has root access to
> your file system. Not a nice idea to me.

Yeah, yeah. Bla bla bla. The real solution is in the latest rev of NFS
(available on your nearest Sun, NeXT, or other up-to-date platform).
To quote "man 5 exports":

     An entry for a directory consists of a line of the following form:

     directory      -option[,option ]...

     directory      is the pathname of a directory (or file).

     option         is one of
     ...
          anon=uid  If a request comes from an unknown user, use uid
                    as the effective user ID. Note: root users (uid 0)
                    are always considered unknown by the NFS server,
                    unless they are included in the root option below.
                    The default value for this option is -2. Setting
                    anon to -1 disables anonymous access. Note: by
                    default secure NFS will accept insecure requests
                    as anonymous, and those wishing for extra security
                    can disable this feature by setting anon to -1.

          root=hostnames[:hostname]...
                    Give root access only to the root users from a
                    specified hostname. The default is for no hosts
                    to be granted root access.
     ...
EXAMPLE
     /usr       -access=clients              # export to my clients
     /usr/local                              # export to the world
     /usr2      -access=hermes:zip:tutorial  # export to only these machines
     /usr/sun   -root=hermes:zip             # give root access only to these
     /usr/new   -anon=0                      # give all machines root access
     ...

Sun Release 4.0      Last change: 22 March 1989      2
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^
Looks like this stuff has been around for awhile...

So how bout it HP? New nfs anytime soon? HPUX 9.0?

Nick Bender
nick%bischeops@uunet.uu.net

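Added example, not part of any post in this thread: a small audit of exports entries in the syntax quoted from "man 5 exports" above, flagging the settings the thread worries about (anon=0, root= hosts, exports with no access= list). The function names and sample file are constructed for illustration, and treating a missing access= list as "exported to the world" is an assumption taken from the comment on the /usr/local line.

```python
# Added example: audit exports(5) entries in the SunOS 4.0 syntax quoted above.
# SAMPLE_EXPORTS is constructed from the EXAMPLE section of the quoted man page.
SAMPLE_EXPORTS = """\
/usr        -access=clients              # export to my clients
/usr/local                               # export to the world
/usr2       -access=hermes:zip:tutorial# export to only these machines
/usr/sun    -root=hermes:zip             # give root access only to these
/usr/new    -anon=0                      # give all machines root access
"""

def parse_exports(text):
    """Return a list of (directory, options); access/root values become host lists."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop trailing comments
        if not line:
            continue
        fields = line.split()
        directory, opts = fields[0], {}
        for field in fields[1:]:
            for opt in field.lstrip("-").split(","):
                key, _, value = opt.partition("=")
                opts[key] = value.split(":") if key in ("access", "root") else value
        entries.append((directory, opts))
    return entries

def audit(entries):
    """Return (directory, finding) pairs for settings that widen root or world access."""
    findings = []
    for directory, opts in entries:
        anon = int(opts.get("anon", -2))           # man page: the default is -2
        if anon == 0:
            findings.append((directory,
                "anon=0: unknown users, including root on any client, act as uid 0"))
        if "access" not in opts:                   # assumption: no list means the world
            findings.append((directory, "no access= list: exported to the world"))
        for host in opts.get("root", []):
            findings.append((directory, "root= trusts uid 0 from host " + host))
    return findings

if __name__ == "__main__":
    for directory, finding in audit(parse_exports(SAMPLE_EXPORTS)):
        print(directory + ": " + finding)
```
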
mark@comp.vuw.ac.nz (Mark Davies) (04/15/90)
In article <395@bischeops.UUCP> nick@bischeops.UUCP (Nick Bender) writes:
>Yeah, yeah. Bla bla bla. The real solution is in the latest rev of NFS
>(available on your nearest Sun, NeXT, or other up-to-date platform).

or HP running MORE/bsd from mt Xinu.

cheers
mark