Protecting NFS mounted filesystems from root on clients
eric%yamada-sun at cse.ogi.edu
Fri Nov 2 11:20:00 AEST 1990
Here's the deal: I've got 5 Suns, 4 of which are NFS clients of the fifth.
The server's /etc/exports looks like this:
/ -anon=0
/usr -anon=0
/home -anon=0
/little/local
/little/games
#
/export/root/cheapie -root=cheapie,access=cheapie
/little/export/cheapie -root=cheapie,access=cheapie
#
/export/exec/kvm/sun4c
/usr/kvm
/usr/share
#
/export/root/bob -root=bob,access=bob
/little/export/bob -root=bob,access=bob
(As you might have guessed, `bob' and `cheapie' are diskless clients).
Anyway, the time is going to come soon when we get a new workstation or
two, probably DECstations running Ultrix and/or Apollos under DOMAIN/IX.
I'm assuming that those systems will run NFS, and also be clients of our
server; I'm also assuming that I will not administer those systems.
Someone else will, and my problem is this: I would like to be able to
prevent root on those systems from having root privilege on the server.
The first thing I thought of was to remove the `-anon=0' from the server's
/etc/exports, but when I tried that, I started getting hourly messages on
some of the clients about not being able to write into /usr/spool/mqueue.
I also tried `-access=domain', but that didn't make any difference.
Ideas, anyone? I'll even appreciate RTFMs.
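
An added example, not part of the original post: a small Python audit of an exports file like the one quoted above, classifying for each export which clients' root user ends up as uid 0 on the server. It assumes SunOS 4 exports(5) semantics (client uid 0 is treated as an unknown user and mapped to the `anon` uid unless the host is named in `root=`); the function names and the embedded sample are constructed for illustration.

```python
# Added example: audit SunOS-style /etc/exports entries for client-root exposure.
# Assumption: SunOS 4 exports(5) semantics, where requests from client uid 0 are
# mapped to the anon uid (default: nobody) unless the host is listed in root=.
EXPORTS = """\
/ -anon=0
/usr -anon=0
/home -anon=0
/little/local
#
/export/root/cheapie -root=cheapie,access=cheapie
/usr/share
"""  # constructed sample: a subset of the file quoted in the post


def parse_exports(text):
    """Yield (path, options); options maps name -> value, or True for bare flags."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split(None, 1)
        opts = {}
        if len(fields) == 2:
            # Options are comma-separated; host lists inside a value use colons.
            for item in fields[1].lstrip("-").split(","):
                name, _, value = item.strip().partition("=")
                if name:
                    opts[name] = value if value else True
        yield fields[0], opts


def root_exposure(opts):
    """Classify which clients' root user is honoured as uid 0 by the server."""
    if opts.get("anon") == "0":
        # Squashed root is mapped straight back to uid 0.
        return "root-from-listed-hosts" if "access" in opts else "root-from-any-host"
    if "root" in opts:
        return "root-from-named-hosts"
    return "root-squashed"


def audit(text):
    return {path: root_exposure(opts) for path, opts in parse_exports(text)}


if __name__ == "__main__":
    for path, verdict in audit(EXPORTS).items():
        print(f"{verdict:24} {path}")
```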