Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/5/84; site oliveb.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!gamma!epsilon!zeta!sabre!petrus!bellcore!decvax!decwrl!pyramid!hplabs!oliveb!jerry
From: jerry@oliveb.UUCP (Jerry Aguirre)
Newsgroups: net.unix-wizards
Subject: Re: Symbolic user names and RFS
Message-ID: <679@oliveb.UUCP>
Date: Wed, 19-Feb-86 19:44:10 EST
Article-I.D.: oliveb.679
Posted: Wed Feb 19 19:44:10 1986
Date-Received: Fri, 21-Feb-86 05:43:26 EST
References: <674@oliveb.UUCP> <1246@ubc-ean.UUCP> <759@im4u.UUCP>
Reply-To: jerry@oliveb.UUCP (Jerry Aguirre)
Organization: Olivetti ATC; Cupertino, Ca
Lines: 24
Keywords: RFS UID security
Summary: RFS is more secure than rlogin

In article <759@im4u.UUCP> smoot@im4u.UUCP (Mitchell) writes:
>It seems that it is *imperative* for security reasons to have the same
>UID/GID ==> username mapping on any systems which share filesystems.

While, as my original article stated, having different numeric UID/GID
can be confusing to the naive, I don't see how it affects security.
Remember that, under RFS, your permissions on the remote machine are
based on your remote login account and have no direct relationship to
your home system UID or user name.

More simply, accesses are being performed by a server process, not by
your process. The server process is operating under the UID of the
remote account, not the UID of the client.

So, the security is just as good as using rlogin/rsh. (Actually more
restricted because it doesn't honor /etc/hosts.equiv.) The only new
hole opened is for some unknowing super user to get confused about
ownership on remote files and try to "fix" them with chown.

Granted that it is a lot cleaner to maintain unique UIDs on all
systems, I don't see that it is necessary for RFS.

Jerry Aguirre @ Olivetti ATC
{hplabs|fortune|idi|ihnp4|tolerant|allegra|glacier|olhqma}!oliveb!jerry