Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!think.com!barmar
From: barmar@think.com (Barry Margolin)
Newsgroups: comp.protocols.nfs
Subject: Re: NFS mounts
Message-ID: <1990Nov8.225604.3036@Think.COM>
Date: 8 Nov 90 22:56:04 GMT
References: <60@astph.UUCP>
Sender: news@Think.COM
Organization: Thinking Machines Corporation, Cambridge MA, USA
Lines: 36

I'm assuming that 386/ix NFS configuration is similar to SunOS NFS
configuration.

In article <60@astph.UUCP> joe@astph.UUCP (Joe Broniszewski) writes:
>1. Why do I get an error (mount: access denied for unix1:/) when
>trying to mount machine 1's root directory? Can I do this?

Check machine 1's /etc/exports file, and make sure it exports the root file
system. Only exported file systems can be mounted by a client. In SunOS
you can limit the clients that may mount a file system by specifying
-access=host1,host2,... in the export entry.

>2. Why can't I access (as root on machine 2) a file that has the following
>permissions on machine 1:
>drwx------ 4 root sys 100 Nov 8 1989 file

By default, most NFS servers translate an incoming root userid (0) to an
unprivileged userid. This provides a limited amount of security, as a user
who breaks into the root account on a workstation can't alter root-owned
files on the server. In SunOS this is controlled by two options in the
/etc/exports file, "-root" and "-anon". You can specify
-root=host1,host2,... to specify client hosts whose root shouldn't be
translated, or -anon= to specify the userid that root is translated to (by
default it is usually -2 or 32766, which is supposed to correspond to the
"nobody" user name, but -root=0 effectively turns off the translation).

>If I can't do both 1 & 2, how can I do a net-wide backup of our network?

Make sure that the host doing the backup is allowed to mount the file
systems, and that root translation is disabled.

--
Barry Margolin, Thinking Machines Corp.
barmar@think.com {uunet,harvard}!think!barmar
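
Added example, not part of the original post and not SunOS code: a small audit of /etc/exports entries that checks the points raised above (who may mount, whose root is left untranslated, and whether the backup host can do its job). It assumes the SunOS 4 exports(5) form "path -opt[,opt...]" with host lists joined by ':'; the sample entries, the host names and the function names are constructed for illustration.

```python
# Added example: audit SunOS-style /etc/exports entries against the advice above.
# Assumed syntax (SunOS 4 exports(5)): "path -opt[,opt...]", host lists joined by ':'.

# Constructed sample; paths and host names are made up for illustration.
SAMPLE_EXPORTS = """\
/            -access=unix2:backuphost,root=backuphost
/usr/local
/home        -anon=0
/export/src  -access=unix2,root=unix2   # root for a workstation
"""

def parse_exports(text):
    """Yield (path, options); options maps an option name to its value list."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        opts = {}
        for field in fields[1:]:
            for item in field.lstrip("-").split(","):
                key, _, value = item.partition("=")
                opts[key] = value.split(":") if value else []
        yield fields[0], opts

def audit(text, backup_host):
    """Return (path, finding) pairs. Names are compared literally; netgroups
    in access= are not expanded."""
    findings = []
    for path, opts in parse_exports(text):
        access, root = opts.get("access"), opts.get("root", [])
        anon_is_root = opts.get("anon") == ["0"]
        if access is None:
            findings.append((path, "world-mountable"))       # no access= list
        elif backup_host not in access:
            findings.append((path, "backup-cannot-mount"))
        if anon_is_root:
            findings.append((path, "root-untranslated-for-all"))
        for host in root:
            if host != backup_host:
                findings.append((path, "extra-root-host:" + host))
        if backup_host not in root and not anon_is_root:
            findings.append((path, "backup-root-translated"))
    return findings

if __name__ == "__main__":
    for path, finding in audit(SAMPLE_EXPORTS, "backuphost"):
        print(f"{path:12} {finding}")
```

Only the first sample entry passes cleanly: it limits mounting to named clients and leaves root untranslated for the backup host alone.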