On Thu, 7 Nov 2002, Ed Wilts wrote: > I used 0/0 as an example. If you choose to map source uid/gid of > 500/500 to local uid/gid 600/600, then you still trust the remote > system's view of who 500/500 is. root_squash does not help you here.
root_squash and all_squash are mapped automatically to nobody. Sure, you could override that, but then you can stick a gun barrel in your mouth, too; doesn't mean it's wise, and the fault doesn't lay with the gun. If the nobody account does not have privelege, where is the problem? Who cares if the client claims to be root, or Fred Flintstone? Either way, they get the priveleges of nobody. Note that I'm not claiming NFS and RPC are secure. They both have plenty of problems. But the services can be locked down, and safely made available in environments where due diligence is maintained. A well-patched system, with the proper squashing and read-only exports whenever possible, netgroups properly defined, tcpwrappers properly configured, and a pro-active system administrator, can run NFS without getting hacked on a regular basis. It *does* take effort, though, and as you pointed out, you need to monitor all the NFS-connected systems, and not just the server. -- "Whenever I feel blue, I start breathing again." - Unknown -- redhat-list mailing list unsubscribe mailto:redhat-list-request@;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list