Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!shadooby!samsung!zaphod.mps.ohio-state.edu!uwm.edu!rutgers!att!cbnewsi!plb
From: plb@cbnewsi.ATT.COM (peter.l.berghold)
Newsgroups: comp.unix.questions
Subject: Re: NFS on HP9000/840, is single user access possible?
Message-ID: <1531@cbnewsi.ATT.COM>
Date: 26 Dec 89 14:23:29 GMT
References: <614@nisca.ircc.ohio-state.edu>
Organization: AT&T Bell Laboratories
Lines: 37

From article <614@nisca.ircc.ohio-state.edu>, by frank@hpuxa.ircc.ohio-state.edu (Frank G. Fiamingo):
> 
> I've just installed NFS on an HP9000/840 running HP-UX 3.11.  Some users
Congrats!

> have now asked if they can mount their personal directories from the
> 840 on their office workstations.  These workstations may be Suns, Decs, HPs,
No problem.  Works fine.
> 
	[ stuff deleted ]
> I'm at a loss, though, as to how to accomplish the second objective: 
> preventing unwanted access and maintaining security for other files
> that might have to be exported along with his own.  e.g. if he has root
> priviledges on his own workstation he could easily set-up UIDs to gain
> read/write access to files that might be denied him otherwise.  Also,

No quite true.   A root ID on one system under NFS has a UID of -1 when going
to a foreign system.  So, if you are required to have ROOT access to access 
files on the remote system, even though you may be root on the local system 
you will be denied access on the remote system.  I checked with my SUN counter-
part here, and he tells me that this is consistant with what I have observed 
with the HP's.  I currently have several SUN workstations that access my 
HP9000/855 disks and have the owner's root logins on the HP's exported to 
the SUNs.  There has never been any security problems that I know of as a 
result.



^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|             || Peter L. Berghold, AT&T, HRSAG, UUCP: att!violin!plb        |
|   _   /|    ||                                    +1 (201) 615-4419        |
|   \`o_O'    ||============================================================ |
|     ( )     || Disclaimer: If you find an opinion in this posting somewhere|
|      U      || it is no doubt mine, and not my employers.  I'm the only    |
|  Aachk!     || person crazy enough to take this stand!                     |
|      Phft!  ||                                                             |
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV