WHO IS NOBODY?
Jonathan I. Kamens
jik at athena.mit.edu
Mon Mar 4 11:29:43 AEST 1991
(I've added comp.protocols.nfs to the Newsgroups of this thread, but I've
left comp.unix.admin in as well, since (after all) the concept of root and uid
0 is not an integral part of the NFS protocol; it's more of a Unix thing.)
In article <1991Mar2.003208.29486 at ux1.cso.uiuc.edu>, kemp at uiatma.atmos.uiuc.edu (John Kemp) writes:
|> Can anyone explain how the "nobody" comes into play in NFS?
|> For example, if I put "/exportdir remotemach.subdomain" in
|> the /etc/exports file, how do I control who accesses that?
|>
|> For example, what happens to remote users in the following cases?
|> root at remotemach.subdomain ( remote super-user )
Unless you have specified in /etc/exports that root is supposed to be
trusted, uid 0 on the remote machine will map to the nobody uid on the NFS
server. This is a security measure to prevent people who have broken into the
root account on the remote machine from playing around with the files on the
NFS server.
|> common at remotemach.subdomain ( uname/UID/GID same on both systems )
Well, then, the user on the remote machine will have the same access to the
NFS server's files as he would have if he were logged into it. This is
supposed to be the common case, right?
|> unknown at remotemach.subdomain ( known on remote, but not locally )
This will map to nobody on the NFS server as well.
|> How can I enable universal access to "remotemach.subdomain"?
Whta do you mean by "universal access?"
--
Jonathan Kamens USnail:
MIT Project Athena 11 Ashford Terrace
jik at Athena.MIT.EDU Allston, MA 02134
Office: 617-253-8085 Home: 617-782-0710
More information about the Comp.unix.admin
mailing list