Unexpected NFS Effects
Ken Hayman
ksh at itd.dsto.oz
Thu Jun 15 05:37:13 AEST 1989
We have a network of Sun 3/60's which have most of their files mounted from a
3/280 server via NFS. Both the server and the clients are running SunOS 3.5,
although I believe the effect is the same under 4.x. The server is configured in
the "secure" mode, where "root" on a client is mapped to "nobody" on the server
before access is granted, and this appears to be, in the main, working as
expected (eg I can't become root on a client then write into an NFS-mounted
directory).
An interesting effect that we found though involves files with mode 711 (I
suspect the 7 isn't important, but it doesn't work if the files are 700).
Given a such a file on the NFS mounted file system (ls -lg would show, eg,
-rwx--x--x 1 user group 10 Jun 14 10:00 file
), it has been found that if I log in a root on a client I can cp the file,
despite not owning the file (and not being part of "group").
Now I would expect that, if "root" was mapped to "nobody" on the server then I
should only have execute access to the file, and cp should give "permission
denied". My question is, is this
a) a known bug
b) a new bug
c) expected behaviour?
If the answer is (c), WHY is it expected behaviour (it seems intuitively
reasonable that if I haven't got READ access I shouldn't be able to copy the
file)
Ken Hayman
+-----------------------------------------------------------------------------+
| Ken Hayman, TCS Group, DSTO Salisbury, S.Aust ACSnet: ksh at itd.dsto.oz |
| Phone: +61 8 259 6340 Internet: ksh at itd.dsto.oz.au |
+-----------------------------------------------------------------------------+
More information about the Comp.unix.wizards
mailing list