NIS and file writing

John Abreau abreauj at gmail.com
Tue Apr 8 15:09:23 EDT 2008


The reasons for mapping root to nobody aren't particularly relevant to the
question of how to work around the behavior.


On Tue, Apr 8, 2008 at 2:36 PM, Daniel Feenberg <feenberg at nber.org> wrote:
>
>
>  On Tue, 8 Apr 2008, John Abreau wrote:
>
>
> > By default, NFS remaps root to the user "nobody" in order to minimize
> > security issues. The simplest workaround is to not try to write data
> >
>
>  Isn't it less of a security issue than a way to avoid catastrophic massive
> accidental deletions? After all, if the root user wants to delete a file on
> an nfs-mounted volume, all he needs to do is "su" to the owner's userid and
> delete it. That isn't much of an obstacle to an intruder. Or am I missing
> something?
>
>
> >
> >
> >
> > as root to the NFS volume.
> >
> > If you're willing to risk the exposure that allowing write permission to root,
> > then you can set an option in the NFS server's /etc/exports to allow it;
> > the option is "no_root_squash". The syntax is as follows:
> >
> >   /path/to/volume         *(rw,no_root_squash)
> >
> >
> > On Tue, Apr 8, 2008 at 10:53 AM, Scott R. Ehrlich <scott at mit.edu> wrote:
> >
> > > This might be an obvious question, but I need to ask since I'm facing an
> > > obstacle.
> > >
> > >  I have an isolated network running NIS/NFS utilizing CentOS 5 and RHEL 5.
> > >
> > >  If I try to compile or write data as sudo or outright as root to an
> > > NFS-mounted directory (say I cd to someone else's NFS-mounted directory to
> > > try and compile code in their directory), I get permission denied during the
> > > write attempts.
> > >
> > >  Copy their stuff to /tmp or any other local filesystem, and writing is just
> > > fine.
> > >
> > >  How do I resolve this?
> > >
> > >  Thanks.
> > >
> > >  Scott
> > >
> > >  --
> > >  This message has been scanned for viruses and
> > >  dangerous content by MailScanner, and is
> > >  believed to be clean.
> > >
> > >  _______________________________________________
> > >  Discuss mailing list
> > >  Discuss at blu.org
> > >  http://lists.blu.org/mailman/listinfo/discuss
> > >
> > >
> >
> >
> >
> > --
> > John Abreau / Executive Director, Boston Linux & Unix
> > GnuPG KeyID: 0xD5C7B5D9 / Email: abreauj at gmail.com
> > GnuPG FP: 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99
> >
>



-- 
John Abreau / Executive Director, Boston Linux & Unix
GnuPG KeyID: 0xD5C7B5D9 / Email: abreauj at gmail.com
GnuPG FP: 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99
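
A defender's check for the export option discussed in this thread, as an added example that is not part of the original messages: a Python script that parses exports(5)-style text and lists every client for which root is not squashed, marking exports open to any host. The sample file, the hostnames and every path other than the thread's `/path/to/volume` line are constructed, and quoted or escaped path names are not handled.

```python
import re

# Constructed sample /etc/exports (hosts and all paths except the thread's
# /path/to/volume line are made up for illustration).
SAMPLE_EXPORTS = """\
# shared volumes
/path/to/volume         *(rw,no_root_squash)
/srv/build   buildhost.example.com(rw,no_root_squash) \\
             192.168.10.0/24(rw)
/srv/pub     *(ro)
/srv/scratch (rw,no_root_squash)
/srv/data    -no_root_squash hosta.example.com(rw) hostb.example.com(rw,root_squash)
"""

# One client entry: optional host pattern, optional "(opt,opt,...)".
ENTRY = re.compile(r"^([^\s()]*)(?:\(([^)]*)\))?$")

def root_unsquashed(options):
    """Apply options in order; root_squash is the default, a later option wins."""
    squashed = True
    for opt in options:
        if opt == "no_root_squash":
            squashed = False
        elif opt == "root_squash":
            squashed = True
    return not squashed

def audit_exports(text):
    """Return (path, client, any_host) for each client that keeps uid 0 as root."""
    findings = []
    text = text.replace("\\\n", " ")            # join backslash-continued lines
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, tokenize
        if not fields:
            continue
        path, defaults = fields[0], []
        for entry in fields[1:]:
            if entry.startswith("-"):           # "-opt,opt": defaults for later clients
                defaults = entry[1:].split(",")
                continue
            m = ENTRY.match(entry)
            if not m:
                continue                        # quoting/escapes are not handled here
            client = m.group(1) or "*"          # bare "(opts)" matches any host
            opts = defaults + (m.group(2) or "").split(",")
            if root_unsquashed(opts):
                findings.append((path, client, client == "*"))
    return findings

if __name__ == "__main__":
    for path, client, any_host in audit_exports(SAMPLE_EXPORTS):
        print(f"{path}: {client} keeps root" + (" (ANY HOST)" if any_host else ""))
```
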
