Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!cs.utexas.edu!tut.cis.ohio-state.edu!purdue!decwrl!shelby!lindy!
From: brnstnd@stealth.acf.nyu.edu (Dan Bernstein)
Newsgroups: comp.unix.questions
Subject: Re: NFS on HP9000/840, is single user access possible?
Message-ID: <608@stealth.acf.nyu.edu>
Date: 2 Jan 90 21:34:35 GMT
References: <614@nisca.ircc.ohio-state.edu>
Sender: news@lindy.Stanford.EDU (News Service)
Reply-To: brnstnd@stealth.acf.nyu.edu (Dan Bernstein)
Distribution: usa
Organization: IR
Lines: 39

(Apparently these messages weren't distributed before. Sorry.)

In article <614@nisca.ircc.ohio-state.edu> frank@hpuxa.ircc.ohio-state.edu (Frank G. Fiamingo) writes:
> I've just installed NFS on an HP9000/840 running HP-UX 3.11. Some users
> have now asked if they can mount their personal directories from the
> 840 on their office workstations.

NFS assumes that the machines have the same administrative setup.
-access can do a bit of what you want, but you can't get full security.

In article <1531@cbnewsi.ATT.COM> plb@cbnewsi.ATT.COM (peter.l.berghold) writes:
> From article <614@nisca.ircc.ohio-state.edu>, by frank@hpuxa.ircc.ohio-state.edu (Frank G. Fiamingo):
> > I'm at a loss, though, as to how to accomplish the second objective:
> > preventing unwanted access and maintaining security for other files
> > that might have to be exported along with his own.
> Not quite true. A root ID on one system under NFS has a UID of -1 when going
> to a foreign system.

But root is the only uid that's treated with such care. All other uids
(and gids) are unprotected. You're not addressing the issue: NFS assumes
that both machines are administered by the same people (running the same
yellow pages system, if possible). Root receives special treatment only
because it's so powerful.

Consider the link between phoenix.princeton.edu and bogey.princeton.edu.
The uids are matched but the gids aren't; so an undergraduate can access
phoenix files as a graduate by logging on to bogey. The security hole
there was caused by administrative negligence. Imagine the problems that
could arise if bogey were somebody's personal workstation. -access (as
an /etc/exports flag) is a partial solution, but it doesn't really do
the job.

> There has never been any security problems that I know of as a
> result.

Then nobody's trying very hard to break security.

---Dan
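
An added example, not part of the original post: a Python audit for the mismatch described above, where one numeric gid (or, more generally, uid) names different groups or accounts on the NFS server and on a client. The passwd and group contents, account names and id numbers below are constructed sample data, and the function names are hypothetical.

```python
"""Find numeric ids that mean different things on an NFS server and a client."""

# Constructed sample data (passwd/group format), not taken from any real host.
SERVER_PASSWD = ("root:*:0:1:root:/:/bin/sh\n"
                 "alice:*:201:50:Alice:/u/alice:/bin/csh\n"
                 "bob:*:202:60:Bob:/u/bob:/bin/csh\n")
CLIENT_PASSWD = ("root:*:0:1:root:/:/bin/sh\n"
                 "alice:*:201:60:Alice:/u/alice:/bin/csh\n"
                 "carol:*:202:60:Carol:/u/carol:/bin/csh\n")
SERVER_GROUP = "wheel:*:1:root\nugrad:*:50:alice\ngrad:*:60:bob\n"
CLIENT_GROUP = "wheel:*:1:root\nugrad:*:60:alice,carol\ngrad:*:50:\n"


def parse_ids(text, id_field=2):
    """Map numeric id -> set of names; field 2 holds the uid or the gid."""
    ids = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        try:
            num = int(fields[id_field])
        except (IndexError, ValueError):
            continue  # malformed entry or bare NIS "+" line
        ids.setdefault(num, set()).add(fields[0])
    return ids


def mismatches(server_text, client_text, id_field=2):
    """Return {id: (server_names, client_names)} for ids whose names differ.

    The server trusts the number the client sends, so every entry here is an
    id under which a client user gets another principal's access on the server.
    """
    server = parse_ids(server_text, id_field)
    client = parse_ids(client_text, id_field)
    return {n: (sorted(server[n]), sorted(client[n]))
            for n in sorted(server.keys() & client.keys())
            if server[n] != client[n]}


if __name__ == "__main__":
    for kind, srv_text, cli_text in (("uid", SERVER_PASSWD, CLIENT_PASSWD),
                                     ("gid", SERVER_GROUP, CLIENT_GROUP)):
        for n, (srv, cli) in mismatches(srv_text, cli_text).items():
            print(f"{kind} {n}: server={srv} client={cli}")
```

In the sample data, gid 60 is grad on the server and ugrad on the client, which is the phoenix/bogey situation from the post; ids present on only one side are not reported.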