Xref: utzoo comp.unix.admin:1124 comp.protocols.nfs:1866
Path: utzoo!utgpu!watserv1!watmath!att!linac!pacific.mps.ohio-state.edu!zaphod.mps.ohio-state.edu!think.com!snorkelwacker.mit.edu!bloom-picayune.mit.edu!athena.mit.edu!jik
From: jik@athena.mit.edu (Jonathan I. Kamens)
Newsgroups: comp.unix.admin,comp.protocols.nfs
Subject: Re: WHO IS NOBODY?
Message-ID: <1991Mar4.012943.5751@athena.mit.edu>
Date: 4 Mar 91 01:29:43 GMT
References: <1991Mar2.003208.29486@ux1.cso.uiuc.edu>
Sender: news@athena.mit.edu (News system)
Organization: Massachusetts Institute of Technology
Lines: 38


  (I've added comp.protocols.nfs to the Newsgroups of this thread, but I've
left comp.unix.admin in as well, since (after all) the concept of root and uid
0 is not an integral part of the NFS protocol; it's more of a Unix thing.)

In article <1991Mar2.003208.29486@ux1.cso.uiuc.edu>, kemp@uiatma.atmos.uiuc.edu (John Kemp) writes:
|> Can anyone explain how the "nobody" comes into play in NFS?
|> For example, if I put "/exportdir remotemach.subdomain" in 
|> the /etc/exports file, how do I control who accesses that?
|> 
|> For example, what happens to remote users in the following cases?
|>    root@remotemach.subdomain    ( remote super-user )

  Unless you have specified in /etc/exports that root is supposed to be
trusted, uid 0 on the remote machine will map to the nobody uid on the NFS
server.  This is a security measure to prevent people who have broken into the
root account on the remote machine from playing around with the files on the
NFS server.

|>    common@remotemach.subdomain  ( uname/UID/GID same on both systems )

  Well, then, the user on the remote machine will have the same access to the
NFS server's files as he would have if he were logged into it.  This is
supposed to be the common case, right?

|>    unknown@remotemach.subdomain ( known on remote, but not locally )

  This will map to nobody on the NFS server as well.

|> How can I enable universal access to "remotemach.subdomain"?

  Whta do you mean by "universal access?"

-- 
Jonathan Kamens			              USnail:
MIT Project Athena				11 Ashford Terrace
jik@Athena.MIT.EDU				Allston, MA  02134
Office: 617-253-8085			      Home: 617-782-0710