dzubera@mozart.cs.colostate.edu (Zube) (05/23/91)
Being a poor grad student, I accepted a system manager's assistant position for the summer. I have struggled with the following problem, and hope someone has already solved it.

In order to facilitate moving many many file systems, we would like for root to have write access to any (nfs) mounted partitions. The process for achieving this is easy under Sun-OS, but it is not even mentioned in the HP manuals. We have tried using the same procedure as in Sun-OS (why? the HP-UX manuals mention that their version was written by Sun), which entailed adding an option to /etc/exports such as -root=user, but it didn't work. We also tried adding the machines to the hosts.equiv file, but again, no luck.

If anyone has a complete or partial answer to this problem, or even a pointer to a solution, it would be greatly appreciated.

Thanks,
John

John Dzubera
grad student, novice system person
dzubera@lamar.colostate.edu
dzubera@handel.cs.colostate.edu
jim@cs.strath.ac.uk (Jim Reid) (05/23/91)
In article <15098@ccncsu.ColoState.EDU> dzubera@mozart.cs.colostate.edu (Zube) writes:
> In order to facilitate moving many many file systems, we would like for root
> to have write access to any (nfs) mounted partitions. The process for
> achieving this is easy under Sun-OS, but it is not even mentioned in the
> HP manuals. We have tried using the same procedure as in Sun-OS (why? the
> HP-UX manuals mention that their version was written by Sun), which entailed
> adding an option to /etc/exports such as -root=user, but it didn't work. We
> also tried adding the machines to the hosts.equiv file, but again, no luck.
RTFM!
HP-UX (like almost everyone else) has an old version of the Sun NFS
code. This old version does not support the ability to permit root
NFS access on a per-filesystem, per-client basis as in recent versions
of SunOS.
The limited capabilities of HP-UX's NFS are well documented with man
pages and the System Administrator's manual.
An old NFS server can be set up to allow everyone to make NFS requests
as root, by changing the value of the kernel variable nobody (usually
set to -2) to 0. Incoming root NFS requests get mapped to the UID
given by nobody before the kernel services the request. Since this is
a glaring security hole, such a change should not be done lightly and
should only remain for as short a time as absolutely necessary.
Copying filesystems around using NFS is a mistake. It is better to
use tar or cpio or dump and restore to do this. That way, you also
have a physical backup of the filesystem that is being moved.
Jim
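
Added example, not part of either post: a small audit that lists the entries in an exports file that let a client's root act as root on the server, which is the exposure the reply warns about. It recognises the SunOS-style root= and anon=0 options and, going beyond the thread, the Linux-style no_root_squash and anonuid=0; the function names, paths, host name and address in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag exports entries that let NFS clients act as root.

# audit_exports FILE: print "path: option ..." for every risky entry.
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        path = $1; why = ""
        opts = $0
        sub(/^[ \t]*[^ \t]+/, "", opts)     # drop the exported path
        n = split(opts, tok, /[ \t,()]+/)   # separators used by both formats
        for (i = 1; i <= n; i++) {
            t = tok[i]
            sub(/^-/, "", t)                # SunOS option lists start with "-"
            if (t ~ /^root=/ || t == "anon=0" ||
                t == "anonuid=0" || t == "no_root_squash")
                why = why " " t
        }
        if (why != "") print path ":" why
    }' "$1"
}

# write_sample FILE: write a constructed exports file (not from the thread).
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample entries
/export/home   -access=clients
/export/src    -root=buildhost,access=clients
/export/tmp    -anon=0
/srv/data      10.0.0.5(rw,no_root_squash)
/srv/pub       *(ro)
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_exports "$sample"
rm -f "$sample"
```

Run against a real exports file with audit_exports /etc/exports; an empty result means no entry grants root access through these options.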