Path: utzoo!attcan!uunet!tut.cis.ohio-state.edu!cs.utexas.edu!hellgate.utah.edu!helios.ee.lbl.gov!me10.lbl.gov!milburn From: milburn@me10.lbl.gov (John Milburn) Newsgroups: comp.sys.hp Subject: Re: root over NFS (again) Message-ID: <5178@helios.ee.lbl.gov> Date: 22 Mar 90 00:03:27 GMT References: <3008@umbc3.UMBC.EDU> Sender: usenet@helios.ee.lbl.gov Reply-To: JEMilburn@lbl.gov (John Milburn) Organization: Lawrence Berkeley Laboratory, Berkeley, CA Lines: 51 X-Local-Date: 21 Mar 90 16:03:27 PST In article <3008@umbc3.UMBC.EDU> greg@umbc3.umbc.edu (Greg Sylvain,Lib 007,3929,4376834) writes: > > Does anyone out there have a patch for nfs that allows root to "be" >root over an nfs mount. (i.e. to allow root to access a file that, on the >remote machine, has permissions only for the owner of the file in question. >[0700]) From last summer: ----------------------------------------------- From: vic@zen.co.uk (Victor Gavin) Newsgroups: comp.sys.hp Subject: Re: Backup over net (Was Re: NFS Super users?) Date: 19 Jul 89 10:47:44 GMT Organization: Zengrange Limited, Leeds, England [...] This is where the changing of the kernal's map of UID 0 to nobody becomes useful. To do this just adb -w /hp-ux nobody ?W 0 $q The problem is that now root on any machine can access all the files on the machine that uses this kernal. Of course this b*ggers up security no end. What the newer versions of NFS allow, is for you to specify when you export a file system, which machines can have root access to that file system eg On our Sun machine we have this line to allow our 840 to back up its / directory / -access=zen:zenvec,root=zen (-access specifies which machines can access the file system and -root says which machines have root capability on that file system) vic -- Victor Gavin Zengrange Limited vic@zen.co.uk Greenfield Road ..!mcvax!ukc!zen.co.uk!vic Leeds England +44 532 489048 LS9 8DB -------------------------------------------------- -jem JEMilburn@lbl.gov ...!ucbvax!lbl.gov!JEMilburn