Hidong Kim wrote:
>
> Hi,
>
> I have a network of three Mandrake 5.3 kernel 2.2.9 machines. All of
> their partitions are nfs mounted, and I can rlogin between all three of
> them. One of them has a 4 mm dds-2 tape drive. From one of the other
> two machines, I can access the tape drive to make backups with:
>
> tar cvf ripley:/dev/st0 /partitions
>
> where ripley is the name of the machine with the tape drive. However, I
> can only do this as a regular user from the two remote machines. I
> cannot issue this command as root on the other two machines. I get an
> error saying that permission is denied. Is root not allowed to access
> devices across a network? Thanks,
>
> Hidong
Recommended reading: Practical Unix and Internet Security, 2nd Edition,
Garfinkel and Spafford, publisher O'Reilly and Associates, copyright
1991 and 1996
NFS and root
root can do a lot of damage on the typical UNIX system
therefore NFS handles the superuser with special precautions on NFS
clients
Rather than giving the client superuser unlimited privileges on the NFS
server,
NFS give the superuser on the clients virtually no priveges:
the superuser gets mapped to the UID of the "nobody" user
Thus, superusers on NFS client machines actually have fewer privileges
with respect to the NFS server than ordinary users.
HTH
