Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!cs.utexas.edu!sun-barr!newstop!sun!bitbug From: bitbug@lonewolf.sun.com (James Buster) Newsgroups: comp.unix.i386 Subject: Re: RFS is by far better that NFS! Message-ID: Date: 15 Dec 89 06:02:56 GMT References: <218@inpnms.UUCP> Sender: news@sun.Eng.Sun.COM Followup-To: comp.unix.i386 Distribution: na Organization: Sun Microsystems Federal, Inc. Lines: 36 In-reply-to: logan@inpnms.UUCP's message of 15 Dec 89 00:16:52 GMT In article <218@inpnms.UUCP> logan@inpnms.UUCP (Jim Logan) writes: > We all have 386's on our desks running RFS and have enjoyed > having root access to our machines, but not on the server. From > what we have read, this is not possible under NFS. Is this true? > > We are in the process of changing over to NFS from RFS under > 386/ix in order to use the large disks on our MV 40000 running > DG/UX. > > Is seems that the only way to prevent root access on the server > under NFS is by appointing one person as the administrator. It > doesn't make much sense to have one person responsible for an > entire network of 386's. He would have to be responsible for > changing the mode of files, killing processes, etc. No one > around here wants grunt work like this. > > Is this really a security issue, or are we misinformed? Is > there a solution? I'm not sure what question you are asking? Do you mean, does a root user on the client have normal root file access permissions on file systems mounted from the server, or is a root user on the client able to log into the server as root? By default in NFS, a user with uid 0 is mapped to uid -2 when check permissions on NFS partitions. This means that a user with uid 0 cannot normally affect anything on an NFS mounted partition. This feature may be disabled. NFS has nothing to do with a user's ability to log in as root on a server. -- --------------------------------------------------------------------- James Buster (Domain) bitbug@lonewolf.ebay.sun.com Mad Hacker Extraordinaire (UUCP) ...!sun.com!lonewolf!bitbug ---------------------------------------------------------------------