Symbolic user names and RFS

Jerry Aguirre jerry at oliveb.UUCP
Thu Feb 20 10:44:10 AEST 1986


In article <759 at im4u.UUCP> smoot at im4u.UUCP (Mitchell) writes:
>It seems that it is *imperative* for security reasons to have the same
>UID/GID ==> username mapping on any systems which share filesystems.

While, as my original article stated, having different numeric UID/GID
can be confusing to the naive, I don't see how it affects security.

Remember that, under RFS, your permissions on the remote machine are
based on your remote login account and have no direct relationship to
your home system UID or user name.  More simply, accesses are being
performed by a server process not by your process.  The server process
is operating under the UID of the remote account, not the UID of the
client.

So, the security is just as good as using rlogin/rsh.  (Actually more
restricted because it doesn't honor /etc/hosts.equiv.)  The only new
hole opened is for some unknowing super user to get confused about
ownership on remote files and try to "fix" them with chown.

Granted that it is a lot cleaner to maintain unique UIDs on all systems,
I don't see that it is necessary for RFS.

					Jerry Aguirre @ Olivetti ATC
{hplabs|fortune|idi|ihnp4|tolerant|allegra|glacier|olhqma}!oliveb!jerry


