Les Mikesell lesmikesell at
Mon Nov 19 18:11:19 UTC 2007

Tim wrote:
> On Mon, 2007-11-19 at 15:12 +0100, roland wrote:
>> I used in /etc/exports the option no_root_squash and this does it.
> It's not usually a good idea to do that.  Someone being root on one
> machine is a risk for that machine.  But if they're also treated as root
> across a network, that's even more so.
> I can't imagine why root ownership of files ought to be involved in
> the /home space, unless you've got someone running as root when they
> really shouldn't do, and they're saving files in their homespace.

If this was a followup on the "backup vmware" post, I think the point 
was to be able to back up all files through a read-only mount.  But it 
probably is a good thing to understand that nfs is not very secure - 
even if you don't allow root access, it is trivial for someone who can 
be root  on the client machine (or reboot it with a live CD...)  to 
impersonate anyone else.

   Les Mikesell
    lesmikesell at

More information about the fedora-list mailing list