Xref: utzoo comp.unix.questions:11443 comp.unix.wizards:14468 Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!bloom-beacon!bu-cs!purdue!decwrl!decvax!tektronix!ozvax!tekcsc!jeff From: jeff@tekcsc.MKT.TEK.COM (Jeff Beadles) Newsgroups: comp.unix.questions,comp.unix.wizards Subject: Re: Nfs -- root privs Message-ID: <162@tekcsc.MKT.TEK.COM> Date: 1 Feb 89 10:46:16 GMT References: <695@blake.acs.washington.edu> Reply-To: jeff@tekcsc.MKT.TEK.COM (Jeff Beadles) Distribution: usa Organization: Tektronix, Inc. Wilsonville, Or. Lines: 47 In article <695@blake.acs.washington.edu> mtsu@blake.UUCP (Montana State) writes: > > >I have 4 mVAXen hooked together, and I'm using a lot of NFS serving to >provicde home directories and all that crap. I'm running Ultrix 2.3 >on all nodes, I'm not running YP. What I want to do is to be able to sit >as root on caesar, and modify files on the other machines. This used to >work uder Ultrix 2.0, there was a procedure to change the value of the >kernel variable nobody to 0 rather than -2. It don't seem to work under 2.3 >... I tried changing the nobody passwd entry to 0:0 for UID and GID, and that >didn't work either. Any suggestions?? > >Replies to icsu6000@caesar.cs.montana.edu or utah-gr!mts-cs!icsu6000 if these >questions are too basic. Well, it's a little more involved than that. Here's how to do it. (First, a disclaimer...) TEKTRONIX DOES NOT SUPPORT THIS MODIFICATION. =============================================================================== Unsupported modification to change kernel's idea of who root should be when traversing an NFS mountpoint. This is a security problem, if implimented. ON SERVER MACHINE -------------------------------------------------------- cd / # move to root directory cp vmunix vmunix.old # make copy of vmunix adb -w /vmnix /dev/kmem # invoking adb nobody/D # should say -2 nobody/W 0 # should say _nobody: 0xfffffffe = 0x0 nobody/D # should say 0 $w # write $q #quit Then, reboot with the new kernel. ================================================================================