joe@astph.UUCP (Joe Broniszewski) (11/09/90)
I have two questions to ask. First a little system info.

Machine: 386
OS: 386/ix running NFS over TCP/IP

Questions:

1. Why do I get an error (mount: access denied for unix1:/) when
trying to mount machine 1's root directory? Can I do this?

2. Why can't I access (as root on machine 2) a file that has the following
permissions on machine 1:

drwx------ 4 root sys 100 Nov 8 1989 file

If I can't do both 1 & 2, how can I do a net-wide backup of our network?

Any/all help is appreciated!

--
Joe Broniszewski || Philadelphia Phillies || (814) 234-8592x34
astph!joe@psuvax1.psu.edu || Systems Department || psuvax1!astph!joe

barmar@think.com (Barry Margolin) (11/09/90)
I'm assuming that 386/ix NFS configuration is similar to SunOS NFS configuration.

In article <60@astph.UUCP> joe@astph.UUCP (Joe Broniszewski) writes:
>1. Why do I get an error (mount: access denied for unix1:/) when
>trying to mount machine 1's root directory? Can I do this?

Check machine 1's /etc/exports file, and make sure it exports the root file system. Only exported file systems can be mounted by a client. In SunOS you can limit the clients that may mount a file system by specifying -access=host1,host2,... in the export entry.

>2. Why can't I access (as root on machine 2) a file that has the following
>permissions on machine 1:
>drwx------ 4 root sys 100 Nov 8 1989 file

By default, most NFS servers translate an incoming root userid (0) to an unprivileged userid. This provides a limited amount of security, as a user who breaks into the root account on a workstation can't alter root-owned files on the server. In SunOS this is controlled by two options in the /etc/exports file, "-root" and "-anon". You can specify -root=host1,host2,... to specify client hosts whose root shouldn't be translated, or -anon=<userid> to specify the userid that root is translated to (by default it is usually -2 or 32766, which is supposed to correspond to the "nobody" user name, but -root=0 effectively turns off the translation).

>If I can't do both 1 & 2, how can I do a net-wide backup of our network?

Make sure that the host doing the backup is allowed to mount the file systems, and that root translation is disabled.

--
Barry Margolin, Thinking Machines Corp.
barmar@think.com
{uunet,harvard}!think!barmar

thurlow@convex.com (Robert Thurlow) (11/09/90)
In <1990Nov8.225604.3036@Think.COM> barmar@think.com (Barry Margolin) writes:

[a good article with one bug]

The hostnames in access lists in /etc/exports entries must actually be separated by colons, as commas separate the different export options. I've been bitten by this way too often. So the actual syntax in Barry's examples should be:

>-access=host1:host2,...
>-root=host1:host2,...

Rob T
--
Rob Thurlow, thurlow@convex.com or thurlow%convex.com@uxc.cso.uiuc.edu
----------------------------------------------------------------------
"This opinion was the only one available; I got here kind of late."
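
Added example, not part of the thread: a small Python audit of an exports file in the option syntax the posts describe (options separated by commas, host lists separated by colons). The sample file, its hostnames and the finding labels are constructed for illustration, and accepting `ro` and `rw` as further valid option names is an assumption of this example.

```python
# Constructed sample in the SunOS-style syntax discussed in the thread.
SAMPLE_EXPORTS = """\
/          -access=backup1,root=backup1
/usr       -access=unix2,unix3
/home      -access=unix2:unix3,anon=0
/export    -root=backup1
"""

# access/root/anon come from the thread; ro/rw are an assumption of this example.
KNOWN_OPTIONS = {"access", "root", "anon", "ro", "rw"}


def audit_exports(text):
    """Return (path, finding, detail) tuples for security-relevant export settings."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        path = parts[0]
        optstr = parts[1].strip().lstrip("-") if len(parts) > 1 else ""
        seen = set()
        for opt in filter(None, optstr.split(",")):
            name, _, value = opt.partition("=")
            seen.add(name)
            if name not in KNOWN_OPTIONS:
                # Typical cause: hosts separated by "," instead of ":", so the
                # second hostname is parsed as a separate (unknown) option.
                findings.append((path, "unknown-option", opt))
            elif name == "root":
                # Root on these clients is not translated to an unprivileged uid.
                findings.append((path, "root-untranslated", value))
            elif name == "anon" and value == "0":
                # Root is "translated" to uid 0, so the protection is gone.
                findings.append((path, "anon-is-root", value))
        if "access" not in seen:
            # No access= list: mounting is not limited to named clients.
            findings.append((path, "no-access-list", ""))
    return findings


if __name__ == "__main__":
    for path, finding, detail in audit_exports(SAMPLE_EXPORTS):
        print(f"{path:10} {finding:18} {detail}")
```
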