Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
On Tue, 8 Apr 2008, John Abreau wrote: > By default, NFS remaps root to the user "nobody" in order to minimize > security issues. The simplest workaround is to not try to write data Isn't it less of a security issue than a way to avoid catastrophic massive accidental deletions? After all, if the root user wants to delete a file on an nfs-mounted volume, all he needs to do is "su" to the owner's userid and delete it. That isn't much of an obstacle to an intruder. Or am I missing something? > as root to the NFS volume. > > If you're willing to risk the exposure that allowing write permission to root, > then you can set an option in the NFS server's /etc/exports to allow it; > the opetion is "no_root_squash". The syntax is as follows: > > /path/to/volume *(rw,no_root_squash) > > > On Tue, Apr 8, 2008 at 10:53 AM, Scott R. Ehrlich <[hidden email]> wrote: >> This might be an obvious question, but I need to ask since I'm facing an >> obstacle. >> >> I have an isolated network running NIS/NFS utilizing CentOS 5 and RHEL 5. >> >> If I try to compile or write data as sudo or outright as root to an >> NFS-mounted directory (say I cd to someone else's NFS-mounted directory to >> try and compile code in their directory), I get permission denied during the >> write attemps. >> >> Copy their stuff to /tmp or any other local filesystem, and writing is just >> fine. >> >> How do I resolve this? >> >> Thanks. >> >> Scott >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> _______________________________________________ >> Discuss mailing list >> [hidden email] >> http://lists.blu.org/mailman/listinfo/discuss >> > > > > -- > John Abreau / Executive Director, Boston Linux & Unix > GnuPG KeyID: 0xD5C7B5D9 / Email: [hidden email] > GnuPG FP: 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99 > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > _______________________________________________ > Discuss mailing list > [hidden email] > http://lists.blu.org/mailman/listinfo/discuss >
BLU is a member of BostonUserGroups | |
We also thank MIT for the use of their facilities. |