ott@guug.UUCP (Joachim Ott) (01/05/90)
I have 3 little questions about ISC 386/ix:

1) I'm root on host alpha and enter the following commands:

mount -f NFS beta:/ /mnt
dd if=/mnt/dev/dsk/f0q15dt
dd: read error: Permission denied
(same for cp, tar, /mnt/dev/dsk/f0q15dt is 666-mode)
In my opinion, the floppy should be part of the mounted filesystem.

2) Still root, I enter:

cd /tmp
>z
ls -l z
-rw-r--r-- 1 root root 0 Jan 4 19:01 z
cd /mnt/tmp
>z
ls -l z
-rw-rw-r-- 1 65534 other 0 Jan 4 19:01 z

What about that funny user-id and 664-file-mode on host beta ?

3) What are /lib/idcpp and /lib/idcomp good for ? They differ from
cpp and comp in 2 bytes length ('id' in the name in comment section).
They are not noted in the manual or I haven't found the page yet.

Anybody out there who knows ? Send followup to this group.

Joachim Ott
cpcahil@virtech.uucp (Conor P. Cahill) (01/06/90)
In article <42@guug.UUCP>, ott@guug.UUCP (Joachim Ott) writes:
>
> I have 3 little questions about ISC 386/ix:
>
> 1) I'm root on host alpha and enter the following commands:

NFS, as part of its basic design, does not support the use of device files across a mounted file system. I think this is probably due to the fact that NFS is OS independent and therefore other OSs may not understand what a device file is (and associated unix type ioctls).

> 2) Still root, I enter:

Because of security, root's user id is remapped to a -2. This is controlled by the nobody variable in the kernel. I have patched our kernel so that nobody is set to a 0 as opposed to a -2. This gives you the result you expect.

> 3) What are /lib/idcpp and /lib/idcomp good for ? They differ from
> cpp and comp in 2 bytes length ('id' in the name in comment section).

These are special versions of the compiler and c-preprocessor that are used to rebuild the kernel. They are provided so that you can re-compile the kernel even if you do not have a development system. The slight difference in size is due to some changes that make it hard (if not impossible) to use them as a real compiler if you did not buy the development system.

--
Conor P. Cahill   uunet!virtech!cpcahil   703-430-9247
Virtual Technologies Inc., P. O. Box 876, Sterling, VA 22170
johnl@esegue.segue.boston.ma.us (John R. Levine) (01/07/90)
In article <1990Jan6.114222.2572@virtech.uucp> cpcahil@virtech.uucp (Conor P. Cahill) writes:
>NFS, as part of its basic design, does not support the use of
>device files across a mounted file system. I think this is probably
>due to the fact that NFS is OS independent ...

No, it's because NFS is stateless, which means that any NFS call has to be idempotent, and in general writing the same block of data to a device twice means that you get two copies of the data, not (as on a disk) that the same data get written to the same place twice. The stateless design of NFS has been widely debated and is unlikely to be fixed anytime soon.

>[idcpp and idcomp] are special versions of the compiler and c-preprocessor
>that are used to rebuild the kernel. ... The slight difference in size is
>due to some changes that make it hard (if not impossible) to use them as a
>real compiler if you did not buy the development system.

idcpp, idcomp, idld, and idas are actually just the same as their development system equivalents, and if you wrapped a suitable shell script around them you'd have a working C compiler. You don't get include files, startup code, or a C library, so it's far from adequate for program development.

--
John R. Levine, Segue Software, POB 349, Cambridge MA 02238, +1 617 864 9650
johnl@esegue.segue.boston.ma.us, {ima|lotus|spdcc}!esegue!johnl
"Now, we are all jelly doughnuts."
santi@ixos.UUCP (Michael Santifaller) (01/10/90)
In article <42@guug.UUCP> ott@guug.UUCP (Joachim Ott) writes:
>
>1) I'm root on host alpha and enter the following commands:
>
>mount -f NFS beta:/ /mnt
>dd if=/mnt/dev/dsk/f0q15dt
>dd: read error: Permission denied
>(same for cp, tar, /mnt/dev/dsk/f0q15dt is 666-mode)
>In my opinion, the floppy should be part of the mounted filesystem.

First of all, you can't access device files through NFS. Try using something like

	rsh beta dd if=/dev/dsk/f0q15dt | tar xf -

or

	tar cf - | rsh beta dd of=/dev/dsk/f0q15dt

instead.

>2) Still root, I enter:
>cd /tmp
>>z
>ls -l z
>-rw-r--r-- 1 root root 0 Jan 4 19:01 z
>cd /mnt/tmp
>>z
>ls -l z
>-rw-rw-r-- 1 65534 other 0 Jan 4 19:01 z
>
>What about that funny user-id and 664-file-mode on host beta ?

The funny user-id is called *nobody*. You are not allowed to access an NFS server from a process running as *root*. To avoid possible security problems (of which there are still many!) the uid 0 is mapped to -2 on the server side. Uids are declared as an *unsigned short*, therefore the 65534.

The file modes are actually funny, it looks like the client's umask is not added properly into the file creation modes on the client NFS file system code. Also, the gid change is quite strange. I honestly do not believe that the excerpt presented here is complete.

Michael Santifaller
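
[Added example, not part of any post above and not code from 386/ix.] The replies describe the server rewriting uid 0 to the kernel's "nobody" value (-2, seen as 65534 in an unsigned short) and one site patching that value to 0. This small C model shows what that mapping does to a root-owned, mode-600 file on the server under each setting. The names squash, may_read and client_root_can_read are hypothetical, the files are constructed, and the permission check is simplified to owner and other bits.

```c
#include <stdio.h>

typedef unsigned short uid16_t;   /* uids are an unsigned short, per the thread */

struct file { uid16_t owner; unsigned mode; };

/* Server-side mapping: a request carrying uid 0 is rewritten to the
 * kernel's "nobody" value; every other uid passes through unchanged. */
uid16_t squash(uid16_t client_uid, int nobody)
{
    return client_uid == 0 ? (uid16_t)nobody : client_uid;
}

/* Simplified read check on the server (group bits left out).
 * uid 0 bypasses the mode bits, as on any Unix. */
int may_read(uid16_t uid, const struct file *f)
{
    if (uid == 0) return 1;
    if (uid == f->owner) return (f->mode & 0400) != 0;
    return (f->mode & 0004) != 0;
}

/* Can root on the client read this server file with the given setting? */
int client_root_can_read(const struct file *f, int nobody)
{
    return may_read(squash(0, nobody), f);
}

int main(void)
{
    struct file secret = { 0, 0600 };   /* constructed: root-owned, mode 600 */
    struct file shared = { 0, 0644 };   /* constructed: root-owned, mode 644 */
    int settings[] = { -2, 0 };         /* default value, then the patched one */

    for (int i = 0; i < 2; i++) {
        int nb = settings[i];
        printf("nobody=%2d: client root acts as uid %u, "
               "reads 600 file: %s, reads 644 file: %s\n",
               nb, (unsigned)squash(0, nb),
               client_root_can_read(&secret, nb) ? "yes" : "no",
               client_root_can_read(&shared, nb) ? "yes" : "no");
    }
    return 0;
}
```

With nobody set to 0, root on any client that can mount the filesystem is treated as root on the server, so the mode bits no longer protect root-owned files there.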