Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!rutgers!cs.utexas.edu!uunet!murtoa.cs.mu.oz.au!munnari.oz.au!mimir!hugin!augean!fang!itd.dsto.oz!ksh
From: ksh@itd.dsto.oz (Ken Hayman)
Newsgroups: comp.unix.wizards
Subject: Unexpected NFS Effects
Message-ID: <403@fang.dsto.oz>
Date: 14 Jun 89 19:37:13 GMT
Sender: news@fang.dsto.oz
Reply-To: ksh@itd.dsto.oz (Ken Hayman)
Organization: Defence Science and Technology Organization
Lines: 33
Expires:
References:
Sender:
Followup-To:
Keywords:

We have a network of Sun 3/60's which have most of their files mounted
from a 3/280 server via NFS. Both the server and the clients are running
SunOS 3.5, although I believe the effect is the same under 4.x.

The server is configured in the "secure" mode, where "root" on a client is
mapped to "nobody" on the server before access is granted, and this appears
to be, in the main, working as expected (eg I can't become root on a client
then write into an NFS-mounted directory).

An interesting effect that we found though involves files with mode 711
(I suspect the 7 isn't important, but it doesn't work if the files are 700).
Given such a file on the NFS mounted file system (ls -lg would show, eg,

	-rwx--x--x  1 user     group     10 Jun 14 10:00 file

), it has been found that if I log in as root on a client I can cp the file,
despite not owning the file (and not being part of "group").

Now I would expect that, if "root" was mapped to "nobody" on the server
then I should only have execute access to the file, and cp should give
"permission denied".

My question is, is this
	a) a known bug
	b) a new bug
	c) expected behaviour?

If the answer is (c), WHY is it expected behaviour (it seems intuitively
reasonable that if I haven't got READ access I shouldn't be able to copy the
file)

Ken Hayman

+-----------------------------------------------------------------------------+
| Ken Hayman, TCS Group, DSTO Salisbury, S.Aust   ACSnet:   ksh@itd.dsto.oz   |
| Phone: +61 8 259 6340                           Internet: ksh@itd.dsto.oz.au|
+-----------------------------------------------------------------------------+
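
The expectation stated in the post, that an identity mapped to "nobody" holds only execute access on a mode 711 file, is what the mode bits give for any uid that is neither the owner nor in the file's group. The following is an added example, not part of the original post: it evaluates those bits and lists the files under a directory that are in this execute-without-read state, so an administrator can see which files on an export the reported behaviour concerns. The uid/gid values, function names and sample file names are constructed for illustration.

```python
import os
import stat
import tempfile


def local_access(mode, file_uid, file_gid, uid, gids):
    """Access a non-root uid gets from the mode bits alone: exactly one
    class (owner, then group, then other) is consulted."""
    if uid == file_uid:
        shift = 6
    elif file_gid in gids:
        shift = 3
    else:
        shift = 0
    bits = (mode >> shift) & 0o7
    return {name for name, bit in (("r", 4), ("w", 2), ("x", 1)) if bits & bit}


def execute_without_read(root, uid, gids):
    """Regular files under root on which uid holds execute but not read.
    Pass the uid/gid your server maps client root to (site-specific)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue
            access = local_access(st.st_mode, st.st_uid, st.st_gid, uid, gids)
            if "x" in access and "r" not in access:
                hits.append(os.path.relpath(path, root))
    return sorted(hits)


def demo():
    """Constructed tree: the post's mode 711 and 700 cases plus a 755 file.
    uid/gid -1 is a stand-in identity that owns nothing in the tree."""
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("file711", 0o711), ("file700", 0o700), ("file755", 0o755)):
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("0123456789")
            os.chmod(path, mode)
        return execute_without_read(root, uid=-1, gids=(-1,))


if __name__ == "__main__":
    print(demo())
```
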