Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!husc6!spdcc!ftp!jbvb
From: jbvb@ftp.COM (James Van Bokkelen)
Newsgroups: comp.protocols.nfs
Subject: Re: PCNFS gid
Summary: If you were allowed to do that, security would be shot to hell...
Message-ID: <642@ftp.COM>
Date: 20 Apr 89 20:32:33 GMT
References: <462@sequoia.UUCP>
Organization: FTP Software Inc., Cambridge, MA
Lines: 22

In article <462@sequoia.UUCP>, teb@sequoia.UUCP (Thomas E. Bernhard) writes:
> How can I set my group id different from what the passwd file returns?
> The 'net name' command returns me with a group id but I belong to other
> groups (in yp database group). How can I set my group id for access to
> these other groups?

The fact that PCNFSD returns the UID/GID you wind up using is central
to the current "security" mechanism of NFS on DOS.  If you could set
it yourself, there would have to be some way of limiting the values you
could set.  One could enhance the authentication protocol implementation,
so that a list of valid UID/GIDs was returned, but that is a back-door route
to a "heuristic piratical NFS", which figures out which UID/GID can perform
the requested operation and switches to them on the fly...

The real solution is to change both the clients and servers so that
something substantial is passed in the "authentication" field.  I think
that Sun plans this in the next version of RPC.


-- 
James B. VanBokkelen		26 Princess St., Wakefield, MA  01880
FTP Software Inc.		voice: (617) 246-0900  fax: (617) 246-0901