[110] in The Cryptographic File System users list
Link between NFS and CFS
daemon@ATHENA.MIT.EDU (Munish Mehta)
Mon Nov 30 14:54:22 1998
From owner-cfs-users@research.att.com Mon Nov 30 19:54:21 1998
Return-Path: <owner-cfs-users@research.att.com>
Delivered-To: cfs-mtg@bloom-picayune.mit.edu
Received: (qmail 12571 invoked from network); 30 Nov 1998 19:54:20 -0000
Received: from unknown (HELO rumor.research.att.com) (192.20.225.9)
by bloom-picayune.mit.edu with SMTP; 30 Nov 1998 19:54:20 -0000
Received: from research.att.com ([135.207.30.100]) by rumor; Mon Nov 30 14:46:40 EST 1998
Received: from amontillado.research.att.com ([135.207.24.32]) by research; Mon Nov 30 14:48:26 EST 1998
Received: from nsa.research.att.com (majordomo@nsa.research.att.com [135.207.24.155])
by amontillado.research.att.com (8.8.7/8.8.7) with ESMTP id OAA14444;
Mon, 30 Nov 1998 14:48:03 -0500 (EST)
Received: (from majordomo@localhost) by nsa.research.att.com (8.7.3/8.7.3) id OAA12505 for cfs-users-list; Mon, 30 Nov 1998 14:45:25 -0500 (EST)
Received: from research.att.com (research.research.att.com [135.207.30.100]) by nsa.research.att.com (8.7.3/8.7.3) with SMTP id OAA12501 for <cfs-users@nsa.research.att.com>; Mon, 30 Nov 1998 14:45:23 -0500 (EST)
Received: from news.mtu.edu ([141.219.70.11]) by research; Mon Nov 30 14:43:08 EST 1998
Received: from mtu.edu (root@mtu.edu [141.219.70.1])
by news.mtu.edu (8.8.8/8.8.8) with ESMTP id OAA09565
for <cfs-users@research.att.com>; Mon, 30 Nov 1998 14:43:06 -0500 (EST)
Received: from cs.mtu.edu (cs.mtu.edu [141.219.150.12])
by mtu.edu (8.8.8/8.8.8) with ESMTP id OAA02551
for <cfs-users@research.att.com>; Mon, 30 Nov 1998 14:43:00 -0500 (EST)
Received: from localhost (mumehta@localhost)
by cs.mtu.edu (8.8.7/8.8.7/mtumailer-1.2) with ESMTP id OAA24248
for <cfs-users@research.att.com>; Mon, 30 Nov 1998 14:42:57 -0500 (EST)
X-Authentication-Warning: cs.mtu.edu: mumehta owned process doing -bs
Date: Mon, 30 Nov 1998 14:42:56 -0500 (EST)
From: Munish Mehta <mumehta@mtu.edu>
To: cfs-users@research.att.com
Subject: Link between NFS and CFS
Message-ID: <Pine.SO4.4.05.9811301432170.24062-100000@cs.mtu.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-cfs-users@research.att.com
Precedence: bulk
Hi,
I have a Linux server with CFS and NFS daemons running on it.
I create a directory using cmkdir and works on it a bit.
Now, I want to export this directory(or partition) to other client linux
machines using NFS mount. Client machines are also running CFS and NFS
daemons. So client machines can access this directory and "cattach" the
directory to read/write the contents.
The problem is that "root" or "superuser" on client machines cannot be
trusted. Ofcourse with encryption, they cannot read any thing in the
secure directory (the directory in mention), but they can delete it as
NFS mount has to be read/write. Is there anyway to deny permission
through CFS or NFS, so that even root is not able to delete the directory
encrypted using CFS until and unless it is able to do a "cattach" on it..
(that is after knowing the key).
Please let me know if you have any suggestions or ideas or if you have
experienced similar problem. Any idea/suggestions about CFS/NFS settings
related to this would be very helpful.
Thanks in advance,
Munish Mehta
