RFS is by far better that NFS!
Brian V. Smith
envbvs at epb2.lbl.gov
Sat Dec 16 04:46:08 AEST 1989
In article <218 at inpnms.UUCP>, logan at inpnms.UUCP (Jim Logan) writes:
< We all have 386's on our desks running RFS and have enjoyed
< having root access to our machines, but not on the server. From
< what we have read, this is not possible under NFS. Is this true?
<
< We are in the process of changing over to NFS from RFS under
< 386/ix in order to use the large disks on our MV 40000 running
< DG/UX.
<
< Is seems that the only way to prevent root access on the server
< under NFS is by appointing one person as the administrator. It
< doesn't make much sense to have one person responsible for an
< entire network of 386's. He would have to be responsible for
< changing the mode of files, killing processes, etc. No one
< around here wants grunt work like this.
<
< Is this really a security issue, or are we misinformed? Is
< there a solution?
Under Ultrix NFS, you can allow the superuser (root) from a client
machine access to a particular user-id (0, for example) on the server.
I quote (without permission) from exports(8nfs):
-r=uid Map client superuser access to uid on the file sys-
tem. If you want to allow client superuser access to
the file system with the same permissions as a local
superuser, use -r=0. Use the -r=0 option only if you
trust the superuser on the client system. The
default is -r=-2 which maps superuser to nobody.
This limits the access to world readable files.
_____________________________________
Brian V. Smith (bvsmith at lbl.gov)
Lawrence Berkeley Laboratory
I don't speak for LBL, these non-opinions are all mine.
More information about the Comp.unix.i386
mailing list