nfs
Les Mikesell
lesmikesell at gmail.com
Mon Nov 19 18:11:19 UTC 2007
Tim wrote:
> On Mon, 2007-11-19 at 15:12 +0100, roland wrote:
>> I used in /etc/exports the option no_root_squash and this does it.
>
> It's not usually a good idea to do that. Someone being root on one
> machine is a risk for that machine. But if they're also treated as root
> across a network, that's even more so.
>
> I can't imagine why root ownership of files ought to be involved in
> the /home space, unless you've got someone running as root when they
> really shouldn't do, and they're saving files in their homespace.
If this was a followup on the "backup vmware" post, I think the point
was to be able to back up all files through a read-only mount. But it
probably is a good thing to understand that nfs is not very secure -
even if you don't allow root access, it is trivial for someone who can
be root on the client machine (or reboot it with a live CD...) to
impersonate anyone else.
--
Les Mikesell
lesmikesell at gmail.com
More information about the fedora-list
mailing list