Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!rutgers!sun-barr!cs.utexas.edu!uunet!mcvax!ukc!strath-cs!jim
From: jim@cs.strath.ac.uk (Jim Reid)
Newsgroups: comp.sys.hp
Subject: Re: NFS Super users?
Message-ID: <239@baird.cs.strath.ac.uk>
Date: 30 Jun 89 14:50:13 GMT
References: <240038@grlab.UUCP>
Sender: news@cs.strath.ac.uk
Reply-To: jim@cs.strath.ac.uk
Organization: Comp. Sci. Dept., Strathclyde Univ., Scotland.
Lines: 24

In article <240038@grlab.UUCP> scott@grlab.UUCP (Scott Blachowicz) writes:
>We just brought up NFS on our 9000/300,800 Series network, and I want to
>be able to do system maintenances sorts of tasks from one system. Is it
>possible to disable the Super-user-maps-to-uid-65534(aka -2) behavior?

NFS can allow remote root access. It is not a good idea to have NFS
permit this by default. If someone becomes root on a client, they would
then have super user access to the NFS servers. If you MUST do this,
then patch the kernel variable called "nobody". NFS servers map root NFS
requests to this user-id. Normally it is set to -2 (explaining the
behaviour you describe above). Setting it to 0 will grant clients super
user access to the server. You can patch the kernel with adb or an
equivalent debugger. Some vendors allow you to set this variable as a
option when configuring a kernel.

>I want a nice easy way to specify some remote directories when doing
>system backups and such...

The way to do that is not to use NFS for backups! Use rdump to backup
files to a remote tape drive or other backup device. Alternatively, pick
up one of the many versions of tar that are floating around that have
support for driving a remote tape device.

		Jim