guy@auspex.auspex.com (Guy Harris) (01/04/91)
(Sent back to "comp.protocols.nfs", and followups redirected there, as this has a lot more to do with NFS, or at least UNIX implementations thereof, than OS/2.) >|> I do not know about your environment but a lot of >|> environments that I have seen, the users have there own workstation >|> and they have the root password on their workstation. >|> Given this, they can 'su' to any user they wish and >|> therefore can spoof NFS. > >What!? From what I understand of NFS (at least Sun NFS), UID root will *NOT* >be accepted for most activities. It *will*, however, be accepted for the "su" command, which means the user on the workstation (assuming they have the root password for the workstation, which many do) can then "su" to any user they wish, and any processes they kick off from there will have the UID of *that user*, *NOT* of root, and in most NFS implementation NON-root UIDs will be accepted for most activities. (I think some may have implemented RFS-style UID mapping.)