Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NIS and file writing



 

On Tue, 8 Apr 2008, John Abreau wrote: 

> By default, NFS remaps root to the user "nobody" in order to minimize 
> security issues. The simplest workaround is to not try to write data 

Isn't it less of a security issue than a way to avoid catastrophic massive 
accidental deletions? After all, if the root user wants to delete a file 
on an nfs-mounted volume, all he needs to do is "su" to the owner's userid 
and delete it. That isn't much of an obstacle to an intruder. Or am I 
missing something? 

> as root to the NFS volume. 
> 
> If you're willing to risk the exposure that allowing write permission to root, 
> then you can set an option in the NFS server's /etc/exports to allow it; 
> the opetion is "no_root_squash". The syntax is as follows: 
> 
>    /path/to/volume         *(rw,no_root_squash) 
> 
> 
> On Tue, Apr 8, 2008 at 10:53 AM, Scott R. Ehrlich <[hidden email]> wrote: 
>> This might be an obvious question, but I need to ask since I'm facing an 
>> obstacle. 
>> 
>>  I have an isolated network running NIS/NFS utilizing CentOS 5 and RHEL 5. 
>> 
>>  If I try to compile or write data as sudo or outright as root to an 
>> NFS-mounted directory (say I cd to someone else's NFS-mounted directory to 
>> try and compile code in their directory), I get permission denied during the 
>> write attemps. 
>> 
>>  Copy their stuff to /tmp or any other local filesystem, and writing is just 
>> fine. 
>> 
>>  How do I resolve this? 
>> 
>>  Thanks. 
>> 
>>  Scott 
>> 
>>  -- 
>>  This message has been scanned for viruses and 
>>  dangerous content by MailScanner, and is 
>>  believed to be clean. 
>> 
>>  _______________________________________________ 
>>  Discuss mailing list 
>>  [hidden email] 
>>  http://lists.blu.org/mailman/listinfo/discuss
>> 
> 
> 
> 
> -- 
> John Abreau / Executive Director, Boston Linux &amp; Unix 
> GnuPG KeyID: 0xD5C7B5D9 / Email: [hidden email] 
> GnuPG FP: 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99 
> 
> -- 
> This message has been scanned for viruses and 
> dangerous content by MailScanner, and is 
> believed to be clean. 
> 
> _______________________________________________ 
> Discuss mailing list 
> [hidden email] 
> http://lists.blu.org/mailman/listinfo/discuss
> 


BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org