grant@gouche (Grant J. Munsey) (05/12/91)
I have ISC 2.1 using NFS. I want to publish a file system such that
a remote machine can become root wrt the file system. I notice in some
NFS implementations the file /etc/exports is where you put instructions
to NFS to allow this. In the NFS doc from Interactive it doesn't mention
anything. Anyone know the skinny on this?

----
Grant Munsey, Mainticore, Inc. (408) 733-3838
grant@gouche.portal.com or decwrl!apple!portal!gouche!grant
cpcahil@virtech.uucp (Conor P. Cahill) (05/13/91)
grant@gouche (Grant J. Munsey) writes:

>I have ISC 2.1 using NFS. I want to publish a file system such that
>a remote machine can become root wrt the file system. I notice in some
>NFS implementations the file /etc/exports is where you put instructions
>to NFS to allow this. In the NFS doc from Interactive it doesn't mention
>anything. Anyone know the skinny on this?

ISC's port of NFS does not have this capability. I posted a work around a short time ago, but it has a drawback. You can't control which file systems or which client systems it applies to (i.e. it applies to all exported filesystems).

The program is called kernmod. If you can't find a copy lying around, send me email and I will send it to you.

--
Conor P. Cahill (703)430-9247 Virtual Technologies, Inc.
uunet!virtech!cpcahil 46030 Manekin Plaza, Suite 160
Sterling, VA 22170
tmh@prosun.first.gmd.de (Thomas Hoberg) (05/23/91)
In article <223@gouche.UUCP>, grant@gouche (Grant J. Munsey) writes:

|>
|> I have ISC 2.1 using NFS. I want to publish a file system such that
|> a remote machine can become root wrt the file system. I notice in some
|> NFS implementations the file /etc/exports is where you put instructions
|> to NFS to allow this. In the NFS doc from Interactive it doesn't mention
|> anything. Anyone know the skinny on this?

ISC or rather the Lachman Ass. version of NFS doesn't support this directly. I wrote a small program (sorry don't have it here) that used 'nm' to find the address of NOBODY in the kernel, did a seek, read and write on /dev/kmem (or was it /dev/mem?) to patch NOBODY (maxint - 2 by default) to 0 (root). Root accesses are mapped to the UID NOBODY by default (for security reasons).

This is very risky, though, because if a file system is exported to a machine with a user that is not known by the exporting system, that user will get mapped to NOBODY, too, meaning any unknown user will have *root* access, too.

BTW, NOBODY has to be patched on the exporting system.

|> ----
|> Grant Munsey, Mainticore, Inc. (408) 733-3838
|> grant@gouche.portal.com or decwrl!apple!portal!gouche!grant

-- tom
----
Thomas M. Hoberg   | UUCP: tmh@gmdtub.first.gmd.de or tmh%gmdtub@tub.UUCP
c/o GMD Berlin     |       ...!unido!tub!gmdtub!tmh (Europe) or
D-1000 Berlin 12   |       ...!unido!tub!tmh
Hardenbergplatz 2  |       ...!pyramid!tub!tmh (World)
Germany            | BITNET: tmh%DB0TUI6.BITNET@DB0TUI11 or
+49-30-254 99 160  |       tmh@tub.BITNET
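
On NFS servers whose /etc/exports does accept per-export options, the settings that give a client the same root-equivalent access as the NOBODY patch discussed in this thread can be found by auditing that file. The script below is an added example, not part of the original thread; it assumes the Linux exports(5) option names (no_root_squash, anonuid) and the SunOS-style names (root=, anon=), and its sample file is constructed.

```python
import re

# Constructed sample input: the first three entries use Linux exports(5)
# syntax, the last two use SunOS-style "-option" syntax.
SAMPLE_EXPORTS = """\
/export/home   clienta(rw,root_squash) clientb(rw,no_root_squash)
/export/pub    *(ro,all_squash,anonuid=0)
/export/src    buildhost(rw)
/usr/local     -access=clienta,root=clientb
/var/spool     -anon=0
"""

def risky_options(opts):
    """Return the options in one option list that map a remote user to uid 0."""
    found = []
    for opt in opts:
        key, _, val = opt.partition("=")
        if key == "no_root_squash":
            found.append(opt)        # client uid 0 is not remapped
        elif key in ("anon", "anonuid") and val == "0":
            found.append(opt)        # squashed/anonymous users become root
        elif key == "root" and val:
            found.append(opt)        # named hosts keep root on this export
    return found

def audit_exports(text):
    """Return (path, client, risky options) for each entry granting root."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        path, *rest = line.split()
        for field in rest:
            if field.startswith("-"):         # SunOS style: options follow "-"
                client, opts = "(see options)", field[1:].split(",")
            else:                             # Linux style: host(opt,opt)
                m = re.fullmatch(r"([^()]*)(?:\((.*)\))?", field)
                if not m:
                    continue
                client, opts = m.group(1) or "*", (m.group(2) or "").split(",")
            risky = risky_options([o.strip() for o in opts if o.strip()])
            if risky:
                findings.append((path, client, risky))
    return findings

if __name__ == "__main__":
    for path, client, risky in audit_exports(SAMPLE_EXPORTS):
        print(f"{path}: {client}: {', '.join(risky)}")
```

Unlike a kernel-wide change to NOBODY, each finding here is scoped to one export and one client list, so it can be reviewed and narrowed entry by entry.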