mtsu@blake.acs.washington.edu (Montana State) (01/31/89)
I have 4 mVAXen hooked together, and I'm using a lot of NFS serving to provide home directories and all that crap. I'm running Ultrix 2.3 on all nodes, I'm not running YP. What I want to do is to be able to sit as root on caesar, and modify files on the other machines. This used to work under Ultrix 2.0, there was a procedure to change the value of the kernel variable nobody to 0 rather than -2. It don't seem to work under 2.3 ... I tried changing the nobody passwd entry to 0:0 for UID and GID, and that didn't work either. Any suggestions??

Replies to icsu6000@caesar.cs.montana.edu or utah-gr!mts-cs!icsu6000 if these questions are too basic.
arosen@hawk.ulowell.edu (MFHorn) (02/01/89)
> What I want to do is to be able to sit
> as root on caesar, and modify files on the other machines. This used to
> work under Ultrix 2.0, there was a procedure to change the value of the
> kernel variable nobody to 0 rather than -2. It don't seem to work under
> 2.3

Check /etc/exports on the server. Chances are you're missing '-r=0'. The -r option sets the uid mapping for that filesystem. The default is -2.

One nice feature about DEC's NFS is root-uid mapping is on a per-filesystem basis rather than having just one mapping for the whole system. It would be even better if you could export a filesystem in more than one way. For example, export /usr to host1 read-only and map root to -2, but export /usr to host2 read-write and map root to 0 [Sun: hint, hint].

--
Andy Rosen           | arosen@hawk.ulowell.edu | "I got this guitar and I
ULowell, Box #3031   | ulowell!arosen          |  learned how to make it
Lowell, Ma 01854     |                         |  talk" -Thunder Road
RD in '88 - The way it should've been
mtsu@blake.acs.washington.edu (Montana State) (02/01/89)
In article <11494@swan.ulowell.edu> arosen@hawk.ulowell.edu writes:
>> What I want to do is to be able to sit
>> as root on caesar, and modify files on the other machines. This used to
>Check /etc/exports on the server. Chances are you're missing '-r=0'.
>The -r option sets the uid mapping for that filesystem. The default
>is -2.
>Andy Rosen | arosen@hawk.ulowell.edu | "I got this guitar and I

Well, it was definitely a case of RTFM, except I was reading 2.0 (I think) hardcopy, and not my nice new unformatted up-to-date 2.3 manuals.

THANX FOR ALL THE RESPONSES.

icsu6000@caesar.cs.montana.edu
jeff@tekcsc.MKT.TEK.COM (Jeff Beadles) (02/01/89)
In article <695@blake.acs.washington.edu> mtsu@blake.UUCP (Montana State) writes:
>
>
>I have 4 mVAXen hooked together, and I'm using a lot of NFS serving to
>provide home directories and all that crap. I'm running Ultrix 2.3
>on all nodes, I'm not running YP. What I want to do is to be able to sit
>as root on caesar, and modify files on the other machines. This used to
>work under Ultrix 2.0, there was a procedure to change the value of the
>kernel variable nobody to 0 rather than -2. It don't seem to work under 2.3
>... I tried changing the nobody passwd entry to 0:0 for UID and GID, and that
>didn't work either. Any suggestions??
>
>Replies to icsu6000@caesar.cs.montana.edu or utah-gr!mts-cs!icsu6000 if these
>questions are too basic.

Well, it's a little more involved than that. Here's how to do it. (First, a disclaimer...)

TEKTRONIX DOES NOT SUPPORT THIS MODIFICATION.

===============================================================================
Unsupported modification to change kernel's idea of who root should be when traversing an NFS mountpoint. This is a security problem, if implemented.

ON SERVER MACHINE --------------------------------------------------------

    cd /                      # move to root directory
    cp vmunix vmunix.old      # make copy of vmunix
    adb -w /vmunix /dev/kmem  # invoking adb
    nobody/D                  # should say -2
    nobody/W 0                # should say _nobody: 0xfffffffe = 0x0
    nobody/D                  # should say 0
    $w                        # write
    $q                        # quit

Then, reboot with the new kernel.
================================================================================
ekrell@hector.UUCP (Eduardo Krell) (02/01/89)
In article <11494@swan.ulowell.edu> arosen@hawk.ulowell.edu writes:
>For example, export /usr to host1 read-only and map root to -2, but export
>/usr to host2 read-write and map root to 0 [Sun: hint, hint].

Check out SunOS 4.x, where in /etc/exports you can specify a "root" option which lists the nodes to which you're giving root equivalence access for a particular filesystem ...

Eduardo Krell                   AT&T Bell Laboratories, Murray Hill, NJ
UUCP: {att,decvax,ucbvax}!ulysses!ekrell    Internet: ekrell@ulysses.att.com
tony@gvgpvd.GVG.TEK.COM (Tony Ivanov) (02/03/89)
In article <162@tekcsc.MKT.TEK.COM> jeff@tekcsc.MKT.TEK.COM (Jeff Beadles) writes:
>In article <695@blake.acs.washington.edu> mtsu@blake.UUCP (Montana State) writes:
>>
>>
>>I have 4 mVAXen hooked together, and I'm using a lot of NFS serving to
>>provide home directories and all that crap. I'm running Ultrix 2.3
>>on all nodes, I'm not running YP. What I want to do is to be able to sit
>>as root on caesar, and modify files on the other machines. This used to
>>work under Ultrix 2.0, there was a procedure to change the value of the
>>kernel variable nobody to 0 rather than -2. It don't seem to work under 2.3
>>... I tried changing the nobody passwd entry to 0:0 for UID and GID, and that
>>didn't work either. Any suggestions??
>
>Well, it's a little more involved than that. Here's how to do it.
>(First, a disclaimer...)
> [ (well documented) instructions on how to do it ]

I am familiar with the problem he explained. We have the same problem. It is not a matter of changing the kernel variable "nobody". I have done this on two VAXes both running ULTRIX 2.2; it works on one, but not the other. In my case, the uVAX II server works fine while my VAX 3500 doesn't.

DEC...IF YOU ARE LISTENING...PLEASE HELP! I am anxiously reviewing this newsgroup for someone to relay a fix.

BTW, you can also change this "nobody" variable on a currently running system with:

    adb -k -w /vmunix /dev/mem
    nobody?W 0
    ^D

This will make root access over NFS allowable immediately.

-- Tony --

/* My opinions...            * Tony Ivanov  MS-4B       * ...ucbvax!  */
/* shared by my company?!... * Grass Valley Group, Inc. * tektronix!  */
/* you've got to be kidding! * P.O. Box 1114            * gvgpsa!     */
/* "tony@gvgpvd.GVG.TEK.COM" * Grass Valley, CA 95945   * gvgpvd!tony */
guy@auspex.UUCP (Guy Harris) (02/08/89)
>>For example, export /usr to host1 read-only and map root to -2, but export
>>/usr to host2 read-write and map root to 0 [Sun: hint, hint].
>
>Check out SunOS 4.x, where in /etc/exports you can specify a "root"
>option which lists the nodes to which you're giving root equivalence
>access for a particular filesystem ...

... and an "rw" option which lists the nodes to which you're giving read-write access for a particular filesystem.
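
[Added example, not part of any post in this thread: a small Python audit that reads exports entries in the two styles discussed above (the Ultrix per-filesystem -r= uid mapping and the SunOS 4.x root=/rw= host lists) and reports which filesystems leave client root unmapped. The sample lines, the host name brutus and the exact line layout are constructed assumptions; only the option names come from the posts.]

```python
# Constructed sample export lines (not from the thread). The path-then-options
# layout is an assumption; only "-r=0" (Ultrix) and the "root"/"rw" host-list
# options (SunOS 4.x) are named in the posts above.
SAMPLE_EXPORTS = """\
# Ultrix style: -r=<uid> maps client root to that uid (default -2)
/usr/users -r=0 caesar
/usr/local caesar brutus
# SunOS 4.x style: root= and rw= take colon-separated host lists
/export/home -root=caesar,rw=caesar:brutus
/export/src -rw=brutus
"""


def audit_exports(text):
    """Return one finding per export: which clients keep uid 0 over NFS."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        path, rest = fields[0], fields[1:]
        opts = [f[1:] for f in rest if f.startswith("-")]
        hosts = [f for f in rest if not f.startswith("-")]
        root_uid, root_hosts, rw_hosts = -2, [], []
        for opt in ",".join(opts).split(","):
            key, _, val = opt.partition("=")
            if key == "r" and val:
                root_uid = int(val)
            elif key == "root":
                root_hosts = val.split(":")
            elif key == "rw":
                rw_hosts = val.split(":")
        if root_uid == 0:
            # Ultrix mapping is per filesystem: every listed client keeps root
            # (an empty host list is treated here as "any client").
            root_hosts = hosts or ["*"]
        findings.append({"path": path, "root_uid": root_uid,
                         "root_hosts": root_hosts, "rw_hosts": rw_hosts})
    return findings


def unsquashed(findings):
    """Paths where at least one client's root is not mapped to nobody."""
    return {f["path"]: f["root_hosts"] for f in findings if f["root_hosts"]}
```

Calling unsquashed(audit_exports(text)) on a server's exports file gives the list of filesystems to review before granting or keeping root equivalence.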