scott@grlab.UUCP (Scott Blachowicz) (06/28/89)
We just brought up NFS on our 9000/300,800 Series network, and I want to
be able to do system maintenances sorts of tasks from one system. Is it
possible to disable the Super-user-maps-to-uid-65534(aka -2) behavior? I
want a nice easy way to specify some remote directories when doing
system backups and such...I thought NFS was going to make it
easier...:-)
Thanx,
Scott Blachowicz
USPS: Graphicus UUCP: ...!hpubvwa!grlab!scott
150 Lake Str S, #206 VoicePh: 206/828-4691
Kirkland, WA 98033 FAX: 206/828-4236jim@cs.strath.ac.uk (Jim Reid) (06/30/89)
In article <240038@grlab.UUCP> scott@grlab.UUCP (Scott Blachowicz) writes: >We just brought up NFS on our 9000/300,800 Series network, and I want to >be able to do system maintenances sorts of tasks from one system. Is it >possible to disable the Super-user-maps-to-uid-65534(aka -2) behavior? NFS can allow remote root access. It is not a good idea to have NFS permit this by default. If someone becomes root on a client, they would then have super user access to the NFS servers. If you MUST do this, then patch the kernel variable called "nobody". NFS servers map root NFS requests to this user-id. Normally it is set to -2 (explaining the behaviour you describe above). Setting it to 0 will grant clients super user access to the server. You can patch the kernel with adb or an equivalent debugger. Some vendors allow you to set this variable as a option when configuring a kernel. >I want a nice easy way to specify some remote directories when doing >system backups and such... The way to do that is not to use NFS for backups! Use rdump to backup files to a remote tape drive or other backup device. Alternatively, pick up one of the many versions of tar that are floating around that have support for driving a remote tape device. Jim
vic@zen.co.uk (Victor Gavin) (07/01/89)
In article <239@baird.cs.strath.ac.uk> jim@cs.strath.ac.uk writes: >In article <240038@grlab.UUCP> scott@grlab.UUCP (Scott Blachowicz) writes: >>Is it possible to disable the Super-user-maps-to-uid-65534(aka -2) behavior? > >then patch the kernel variable called "nobody". NFS servers map root NFS >requests to this user-id. Normally it is set to -2 (explaining the >behaviour you describe above). Setting it to 0 will grant clients super >user access to the server. This is only because HP runs an old version of NFS. In the newer versions, the exports file describes how to map the root id when access is made to files on that file system from specific machines. >>I want a nice easy way to specify some remote directories when doing >>system backups and such... > >The way to do that is not to use NFS for backups! Use rdump to backup >files to a remote tape drive or other backup device. HP don't support rdump! > Jim vic -- Victor Gavin Zengrange Limited vic@zen.co.uk Greenfield Road ..!mcvax!ukc!zen.co.uk!vic Leeds England +44 532 489048 LS9 8DB
jim@cs.strath.ac.uk (Jim Reid) (07/03/89)
In article <1631@zen.co.uk> vic@zen.UUCP (Victor Gavin) writes: >HP don't support rdump! They should and there is no reason why rdump is missing from HP-UX. We took the 4.[23] BSD (r)dump and got it working on HP-UX. There's no real problem (apart from the names of some #include files) since HP-UX on the 300 series uses the Berekeley fast filesystem and dump/rdump was written specifically for this filesystem. Perhaps someone from HP will explain why they chose not to give their customers this particularly useful utility? It would have cost HP next to nothing to provide rdump. Jim