[lug] where are mount directory permissions set?

D. Stimits stimits at idcomm.com
Wed Mar 22 18:20:51 MST 2000


Samartha wrote:
> 
> I have a situation where a server program mounts a nfs file system from a
> Psion hand held computer under Linux over a serial line.
> 
...snip...

> 
>              if ((mfp = setmntent(MTAB_PATH, "a")))
>                addmntent(mfp, &mnt);
> 
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug


Default nfs security requires that users and UID are the same on two
machines. Which means nfs might be easy to use to gain access that
shouldn't. By default, for this reason, nfs denies root access. You
can tell it not to do this. See "man exports". Here is an excerpt from
"man exports" (exports file is in /etc/):

     nfsd  bases its access control to files on the server machine on
the uid and gid provided in each NFS RPC request. The normal behav-
       ior a user would expect is that she can access her files on the
server just as she would on a normal file system. This requires that
       the same uids and gids are used on the client and the server
machine. This is not always true, nor is it always desirable.

       Very  often,  it  is  not  desirable  that the root user on a
client machine is also treated as root when accessing files on the NFS
       server. To this end, uid 0 is normally mapped to a different
id: the so-called anonymous or  nobody  uid.  This  mode  of 
operation
       (called `root squashing') is the default, and can be turned off
with no_root_squash.





More information about the LUG mailing list