[lug] another NFS question

Hugh Brown hugh at vecna.com
Mon Feb 18 11:31:06 MST 2002


Your memory is not mistaken.

e.g.  You have an NFS server that exports user home directories rw.  You
don't want any client machines to have root on the shares, so you set
the root_squash option (root on the client machine becomes uid 65534).

A user with local root on his/her laptop comes in and nfs mounts the
/home directory and accesses local account.  All is happy until the
laptop user realizes s/he can do this:

laptopuser% su - root
root% su - anyuser
anyuser%


They essentially have root on the share by being able to become any of
the other users. They won't be able to access anything that only the
server root can get at, but they can get to anything that any other user
could get at.

Hugh

On Sat, 2002-02-16 at 20:04, Arlan Ramsay wrote:
> 
> I thought I had heard that NFS had some security problems.  If anyone
> could assure me that my memory is mistaken, that would be comforting.
> 
> Thanks,
> Arlan Ramsay
> 
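An audit sketch for the situation Hugh describes, added here as an example and not part of the original thread: it parses exports(5)-style lines, models which uid the server acts as for a uid the client asserts, and lists writable exports where a non-root uid passes through unchanged. The sample exports content, the uid 1000 probe and the function names are constructed for illustration; the `sec=`, `all_squash` and `anonuid=` handling follows current Linux exports(5) options.

```python
import re

ANON_UID = 65534  # uid that squashed requests map to, as stated in the post

# Constructed sample /etc/exports content (hosts and paths are made up).
SAMPLE_EXPORTS = """\
/home     192.168.1.0/24(rw,root_squash)
/scratch  *(rw,all_squash)
/secure   192.168.1.0/24(rw,root_squash,sec=krb5p)
/pub      *(ro)
"""

def parse_exports(text):
    """Yield (path, client, options-dict) for each client entry."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        for spec in clients:
            m = re.fullmatch(r"([^()]*)(?:\(([^)]*)\))?", spec)
            host, raw = m.group(1) or "*", m.group(2) or ""
            opts = {}
            for o in filter(None, raw.split(",")):
                k, _, v = o.partition("=")
                opts[k] = v or True
            yield path, host, opts

def server_uid(client_uid, opts):
    """uid the server acts as for a uid asserted by an AUTH_SYS client."""
    anon = int(opts.get("anonuid", ANON_UID))
    if "all_squash" in opts:
        return anon
    if client_uid == 0 and "no_root_squash" not in opts:
        return anon  # root_squash is the default
    return client_uid

def impersonation_exposed(text):
    """Exports that are writable and trust client-asserted non-root uids."""
    hits = []
    for path, host, opts in parse_exports(text):
        sec = str(opts.get("sec", "sys"))
        trusts_uid = "sys" in sec.split(":") and server_uid(1000, opts) == 1000
        if "rw" in opts and trusts_uid:
            hits.append((path, host))
    return hits

if __name__ == "__main__":
    for path, host in impersonation_exposed(SAMPLE_EXPORTS):
        print(f"{path} -> {host}: rw with client-asserted uids (root_squash only maps uid 0)")
```

Only `/home` is reported for the sample: `root_squash` remaps uid 0 but leaves every other asserted uid intact, while `all_squash` or a Kerberos `sec=` flavor removes that trust.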




