
Re: block root access to NFS mount



On Tue, 2006-09-12 at 06:15, Mark Haney wrote:
> >   
> Yeah, it's a strange situation.  I have an NFS server that has exported 
> /home/users.  One of the machines (client A) that mounts that NFS share 
> is being handed to another group who needs root access.  Because of the 
> fact that we have other user accounts in /home/users I cannot let 
> someone else have root access on Client A.  What I want is to be able to 
> keep that NFS mount on Client A, but not let root on Client A access 
> that NFS mount.  Does that clear it up a bit? 

That's not strange at all.  It is the usual situation where
someone on another machine that has NFS access can become root
whether by a normal login or booting from a knoppix-type CD.

> I got another reply mentioning no_root_squash, but I just got in and I'm 
> not yet ready to look into that option, at least not until my first cup 
> of coffee.

What happens is that the root user on the client is mapped to
the nobody user on the server.  Depending on the file/directory
permissions this may mean that access will be denied. That
would be the case on home directories set rx only by owner.
However, the permissions are established by uid number and
you have to remember that the user with root permission on
his local machine can create a user with any uid he wants
and su to that user.  At that point he will be able to access
any file on the NFS server with the permissions of this
other user.

-- 
  Les Mikesell
   lesmikesell gmail com
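
Added example, not part of the original message: a small audit of an exports file for the two conditions discussed above, exports where root is not squashed, and exports where the server still trusts whatever uid the client sends (sec=sys, the default, without all_squash), which root_squash alone does not address. The sample file contents, host names and finding labels are constructed for illustration; quoted paths and line continuations are not handled.

```python
import re

# Constructed sample /etc/exports content (hosts and paths are made up).
SAMPLE_EXPORTS = """\
# home directories
/home/users  clienta.example.com(rw,sync,root_squash) admin.example.com(rw,no_root_squash)
/srv/secure  *.example.com(rw,sec=krb5p)
/srv/pub     *(ro,all_squash)
/srv/legacy  oldbox.example.com
"""

# One client token: "host" or "host(opt,opt,...)".
ENTRY = re.compile(r"^([^\s(]+)(?:\(([^)]*)\))?$")

def audit_exports(text):
    """Return sorted (path, client, finding) tuples for one exports file."""
    findings = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        path, *clients = line.split()
        for token in clients:
            m = ENTRY.match(token)
            if not m:
                continue
            client, optstr = m.group(1), m.group(2) or ""
            opts = [o for o in optstr.split(",") if o]
            flavors = ["sys"]                  # exports(5) default flavor
            for o in opts:
                if o.startswith("sec="):
                    flavors = o[4:].split(":")
            # Client root keeps uid 0 on the server.
            if "no_root_squash" in opts:
                findings.append((path, client, "root-not-squashed"))
            # With sec=sys the uid in each request is taken on trust, so
            # squashing uid 0 does not stop a client-side root from using
            # another uid; only all_squash maps every uid to the anon user.
            if "sys" in flavors and "all_squash" not in opts:
                findings.append((path, client, "client-asserted-uids-trusted"))
    return sorted(findings)

if __name__ == "__main__":
    for path, client, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"{path:12} {client:22} {finding}")
```

Exports restricted to the Kerberos flavors (sec=krb5, krb5i or krb5p) identify the user by ticket rather than by the uid the client machine reports, which is why /srv/secure produces no finding here.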


