Anders Johansson wrote: > On Sunday 23 December 2007 19:12:41 Joe Sloan wrote:
> remote nfs root >> access gets mapped to nobody, with limited rights and privileges. > > I already responded to that, but ok: it only helps if root is the only one > allowed to write to the share. As soon as you have a user with write > permissions, a client can fake that user ID, because the server trusts it. Yes, I saw your response to the other guy after I'd already responded - I was talking about remote root access, which is disabled with the root_squash setting, but it is true that root on the remote machine can become any other user, which is a real problem unless you control the root account on the machines you trust. In the type of environment lynn was talking about, I don't imagine it would be a problem to control the root account though. > With nfs4 + kerberos, this problem doesn't exist. Users are properly > authenticated Hopefully that or something like it will become the standard nfs setup. Joe -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
