Re: root user and nfs mounts

[joost witteveen]

-- Start of PGP signed section.
> Currently I mount my home directory from a departmental AIX machine using
> the following exports on the AIX machine:
> 
> /home3/telmerco -access=sargan:terrapin
> 
> and the following fstab on my debian hamm machine:
> 
> qed:/home3/telmerco   /home/telmerco/qed  nfs  defaults  0  0
> 
> Given this setup, as root I cannot cd into /home/telmerco/qed.
> [why root would like to cd anyway deleted]
> I dug through
> the man pages for nfs(5) and mount(8) and it seems like I could use
> something that maps root uid 0 to an anon uid that I specify, for example,
> 208 (telmerco's uid). Is this possible? 

Well, it isn't what you want. The mapping of uid 0 happens on the server
(the AIX in your case), and, as root cannot cd to your home dir, they've
already got that setup correctly [1]. What happens is that when root
cd's to your nfs mounted home dir, root gets maped to uid "nobody", and
nobody tries to cd into that dir. 

The only way I see you can allow root (thus nobody, unless you can
convince the AIX people to throw away all security on their
system) to cd into your home dir, is by chmod-ing your home dir to
something like 777. But then _everybody_ can do that -- probably not
what you want.

I'm not sure how tob works, but if it works anything like "dd of=/dev/tape",
you could try something like

  (su telmerco -c "tar -cvzf - /home3/telmerco") | dd of=/dev/tape


> Is it safe?

As long as the AIX people do their job properly, you cannot do anything
unsafe. And you cannot do what you want, I think.

> And finally, is there
> a better way to do it? Cheers, Colin.

Depends on tob. (see above).

[1] had they not done that, you'd be root very quickly on that system, 
    probably.

-- 
joost witteveen, [EMAIL PROTECTED]
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
#what's this? see http://www.dcs.ex.ac.uk/~aba/rsa/


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
[EMAIL PROTECTED] . 
Trouble?  e-mail to [EMAIL PROTECTED] .