[1674] in linux-net channel archive
Re: NFS server
daemon@ATHENA.MIT.EDU (N.Charley-CSSE93@cs.bham.ac.uk)
Tue Jan 23 20:06:26 1996
From: N.Charley-CSSE93@cs.bham.ac.uk
To: linux-net@vger.rutgers.edu, hyoung@phycmt3.sogang.ac.kr
Date: Tue, 23 Jan 1996 06:45:09 +0000 (GMT)
In-Reply-To: <199601221419.XAA14594@phycmt3.sogang.ac.kr> from "hyoung" at Jan 22, 96 11:19:27 pm
> I have installed the slackware 3.0.0.
> That is good.
> But I have some problems with respect to "nfs".
> Of course, it works fine for usual users.
> But, root can not write on the mounted device.
> At the previous version, root can do it.
> Can I make root do it ?
Ah, I remember when this one caught me out, took me forever to RTFM
*8-/. You need to add the option 'no_root_squash' to the /etc/fstab
entry (assuming you're doing it like that), or to the commandline mount.
This option disables the feature where normally any accesses by 'root'
are mapped to being done by 'nobody'. Its a security feature and you
really shouldn't disable it unless you REALLY have to. Remember IF
someone unauthorised DOES manage to mount your file systems they'll have
done it as root on THEIR machine, and with no_root_squash have complete
run of your file system.
Having said that if such a person is root they could create user
accounts for any NON-root stuff and access THAT, so make sure you set up
NFS securely! (filter out packets coming from outside your network with
a source address INSIDE your network is a must have, helps guard against
IP spoofing attacks).
-Neil, who seems to be answering a lot of questions just as he should be
spending 'all' his time setting up 3 servers *8-/
--
**************************************************************************
* Neil Peter Soveran-Charley * Athanasius INFP *
******************************* Surfers - surfers.itf.org.uk 4242 *
* nxc@cs.bham.ac.uk * Dark Shadows - rabbit.cudenver.edu 1509 *
* ncharley@nyx10.cs.du.edu * Lothlorien - nix.mechnet.liv.ac.uk 1509 *
* athan@nix.mechnet.liv.ac.uk * *
**************************************************************************
