Path: utzoo!utgpu!jarvis.csri.toronto.edu!clyde.concordia.ca!uunet!samsung!zaphod.mps.ohio-state.edu!uwm.edu!rutgers!att!mcdchg!ddsw1!karl
From: karl@ddsw1.MCS.COM (Karl Denninger)
Newsgroups: comp.unix.i386
Subject: Re: RFS is by far better that NFS!
Summary: Yes, that worked -- somewhat
Message-ID: <1989Dec22.153653.4181@ddsw1.MCS.COM>
Date: 22 Dec 89 15:36:53 GMT
References: <218@inpnms.UUCP> <725@unix386.Convergent.COM> <1989Dec19.195321.3431@ddsw1.MCS.COM> <957@ursa-major.SPDCC.COM>
Reply-To: karl@mcs.MCS.COM (Karl Denninger)
Distribution: na
Organization: Macro Computer Solutions, Inc. - Mundelein, IL
Lines: 37

In article <957@ursa-major.SPDCC.COM> dyer@ursa-major.spdcc.COM (Steve Dyer) writes:
>In article <1989Dec19.195321.3431@ddsw1.MCS.COM> karl@mcs.MCS.COM (Karl Denninger) writes:
>>
>>The problem we have is that we have a physically secure network.  Thus, we
>>WANT root to really be root -- on all filesystems.  Allowing this lets us
>>put one big Exabyte tape drive on the network and back up everything.  It
>>allows us many other conveniences as well.
>>With 386/ix NFS, none of this is possible -- unless I want to write a tape
>>server.  Ugh.
>
>Can't you patch the value of the variable "nobody" in your ISC kernel?

Yep.  That was pointed out by a benevolent person; I have done it and it
works -- about 95%.

SUID root programs still can't get to files however.  "smail3" is a prime
example.  It can't find the paths database if I locate it on the server.
Says it can't open the file, but doesn't return an error code (yikes!).

I haven't looked at this closely yet, but will have to do so.....

>Most Sun-derived NFS ports use the value of the integer variable "nobody"
>as the UID to map root to.  If you use "adb" or something you hack
>yourself to change the value of "nobody" to 0, you should be all set.

Yep.

>I'm not an ISC user, but this is almost always consistent across most
>implementations.

It is, but undocumented.  No problem, that's what hacking is all about!

--
Karl Denninger (karl@ddsw1.MCS.COM, <well-connected>!ddsw1!karl)
Public Access Data Line: [+1 708 566-8911], Voice: [+1 708 566-8910]
Macro Computer Solutions, Inc.		"Quality Solutions at a Fair Price"