
BLU Discuss list archive



Re: NIS and file writing



 The reasons for mapping root to nobody aren't particularly relevant to the 
question of how to work around the behavior. 


On Tue, Apr 8, 2008 at 2:36 PM, Daniel Feenberg <[hidden email]> wrote: 
> 
> 
>  On Tue, 8 Apr 2008, John Abreau wrote: 
> 
> 
> > By default, NFS remaps root to the user "nobody" in order to minimize 
> > security issues. The simplest workaround is to not try to write data 
> > 
> 
>  Isn't it less of a security issue than a way to avoid catastrophic massive 
> accidental deletions? After all, if the root user wants to delete a file on 
> an nfs-mounted volume, all he needs to do is "su" to the owner's userid and 
> delete it. That isn't much of an obstacle to an intruder. Or am I missing 
> something? 
> 
> 
> > 
> > 
> > 
> > as root to the NFS volume. 
> > 
> > If you're willing to risk the exposure of allowing write permission to root, 
> > then you can set an option in the NFS server's /etc/exports to allow it; 
> > the option is "no_root_squash". The syntax is as follows: 
> > 
> >   /path/to/volume         *(rw,no_root_squash) 
> > 
> > 
> > On Tue, Apr 8, 2008 at 10:53 AM, Scott R. Ehrlich <[hidden email]> wrote: 
> > 
> > > This might be an obvious question, but I need to ask since I'm facing an 
> > > obstacle. 
> > > 
> > >  I have an isolated network running NIS/NFS utilizing CentOS 5 and RHEL 5. 
> > > 
> > >  If I try to compile or write data as sudo or outright as root to an 
> > > NFS-mounted directory (say I cd to someone else's NFS-mounted directory to 
> > > try and compile code in their directory), I get permission denied during the 
> > > write attempts. 
> > > 
> > >  Copy their stuff to /tmp or any other local filesystem, and writing is just 
> > > fine. 
> > > 
> > >  How do I resolve this? 
> > > 
> > >  Thanks. 
> > > 
> > >  Scott 
> > > 
> > >  -- 
> > >  This message has been scanned for viruses and 
> > >  dangerous content by MailScanner, and is 
> > >  believed to be clean. 
> > > 
> > >  _______________________________________________ 
> > >  Discuss mailing list 
> > >  [hidden email] 
> > >  http://lists.blu.org/mailman/listinfo/discuss
> > > 
> > > 
> > 
> > 
> > 
> > -- 
> > John Abreau / Executive Director, Boston Linux & Unix 
> > GnuPG KeyID: 0xD5C7B5D9 / Email: [hidden email] 
> > GnuPG FP: 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99 
> > 
> > 
> 
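
An added example, not part of the original thread: a small audit of exports(5) text that lists every export entry where root is left unsquashed, and whether that entry is writable or open to any host. It assumes the Linux defaults (root_squash, ro) and handles comments, backslash continuations, per-line `-opt` defaults and bare `(opts)` tokens; apart from the first line, which is the one quoted in the thread, the sample paths and client names are constructed.

```python
import re

# Constructed sample in exports(5) syntax; every path and client name is made up,
# except the first entry, which is the line quoted in the thread.
SAMPLE_EXPORTS = """\
/path/to/volume   *(rw,no_root_squash)
/srv/home         192.168.10.0/24(rw,root_squash) admin1(rw,no_root_squash)
/srv/scratch      -rw,no_root_squash build1 build2(ro)   # per-line defaults
/srv/pub          *(ro) \\
                  backup1(ro,no_root_squash)
"""

ENTRY = re.compile(r"^(?P<client>[^()]*)(?:\((?P<opts>[^()]*)\))?$")


def audit_exports(text):
    """Return (path, client, writable, any_host) for each entry that keeps root unsquashed."""
    findings = []
    text = re.sub(r"\\\n", " ", text)           # join backslash-continued lines
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()    # drop comments and blank lines
        if not line:
            continue
        path, *tokens = line.split()
        defaults = []
        for tok in tokens:
            if tok.startswith("-"):             # "-opt,opt": defaults for later clients
                defaults = tok[1:].split(",")
                continue
            m = ENTRY.match(tok)
            if not m:
                continue
            client = m.group("client") or "*"   # a bare "(opts)" applies to any host
            opts = defaults + [o for o in (m.group("opts") or "").split(",") if o]
            squashed, writable = True, False    # server defaults: root_squash, ro
            for opt in opts:                    # later options override earlier ones
                if opt in ("root_squash", "no_root_squash"):
                    squashed = opt == "root_squash"
                elif opt in ("rw", "ro"):
                    writable = opt == "rw"
            if not squashed:
                findings.append((path, client, writable, client == "*"))
    return findings


if __name__ == "__main__":
    for path, client, writable, any_host in audit_exports(SAMPLE_EXPORTS):
        print(f"{path}: {client} no_root_squash rw={writable} any_host={any_host}")
```

Entries reported with both `rw=True` and `any_host=True` are the ones to review first; restricting the client list to named hosts or a subnet narrows which machines' root users are trusted.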

