SURF159%KUB.NL@cunyvm.cuny.edu (NIH Amsterdam, wg5) (01/02/90)
> Subject: NFS on HP9000/840, is single user access possible? > > I've just installed NFS on an HP9000/840 running HP-UX 3.11. Some users > have now asked if they can mount their personal directories from the > 840 on their office workstations. These workstations may be Suns, Decs, HPs, > etc., also running NFS. For this to be successful we need to insure that > ........ etc. > > So my questions are 1) does anyone know a way to accomplish these objectives? > and 2) are there any other concerns I need to consider before we try to > offer this service? We are working with a HP9000/835 with the NFS services as a diskserver and some workstations like HP9000/360 and 340's. The diskserver exports some filesystems needed on the workstations. The files in these filesystems are protected by the uid and gid of the creator of the files and works the same as if the filesystem were mounted lokal. There is but one difference, the superuser of the workstation has only his influence on its own machine and has no extra privileges than a normal user on the mounted filesystems. Other things which can be considered are ACL(access control lists) available on HP-UX 7.0 and using YP(Yellow pages). YP can be used to export databases like passwd, hosts, networks, etc. onto the network so the workstations don't have to update these tables when there is a change in one of these. This is important e.g. in the case of the passwd file in which the uid must be kept the same on all machines.
tml@hemuli.tik.vtt.fi (Tor Lillqvist) (01/02/90)
In article <21918@adm.BRL.MIL> SURF159%KUB.NL@cunyvm.cuny.edu (NIH Amsterdam, wg5) writes: >There is but one difference, the >superuser of the workstation has only his influence on its own machine and >has no extra privileges than a normal user on the mounted filesystems. Yes, but don't forget that if a user is root on their workstation, they can use su to become any other user, and look through that user's files on other hosts via NFS. -- Tor Lillqvist, working, but not speaking, for the Technical Research Centre of Finland