eric%yamada-sun@cse.ogi.edu (11/02/90)
Here's the deal: I've got 5 Suns, 4 of which are NFS clients of the fifth. The server's /etc/exports looks like this: / -anon=0 /usr -anon=0 /home -anon=0 /little/local /little/games # /export/root/cheapie -root=cheapie,access=cheapie /little/export/cheapie -root=cheapie,access=cheapie # /export/exec/kvm/sun4c /usr/kvm /usr/share # /export/root/bob -root=bob,access=bob /little/export/bob -root=bob,access=bob (As you might have guessed, `bob' and `cheapie' are diskless clients). Anyway, the time is going to come soon when we get a new workstation or two, probably DECstations running Ultrix and/or Apollos under DOMAIN/IX. I'm assuming that those systems will run NFS, and also be clients of our server; I'm also assuming that I will not administer those systems. Someone else will, and my problem is this: I would like to be able to prevent root on those systems from having root privelege on the server. The first thing I thought of was to remove the `-anon=0' from the server's /etc/exports, but when I tried that, I started getting hourly messages on some of the clients about not being able to write into /usr/spool/mqueue. I also tried `-access=domain', but that didn't make any difference. Ideas, anyone? I'll even appreciate RTFMs.