Bug#384922: NFS insecure without support for squashing multiple groups

To: jrnieder@gmail.com
Cc: 384922@bugs.debian.org, vorlon@debian.org
Subject: Bug#384922: NFS insecure without support for squashing multiple groups
From: paul.szabo@sydney.edu.au
Date: Mon, 20 Feb 2012 07:11:01 +1100
Message-id: <[🔎] 201202192011.q1JKB1PB023203@bari.maths.usyd.edu.au>
Reply-to: paul.szabo@sydney.edu.au, 384922@bugs.debian.org
In-reply-to: <[🔎] 20120219154544.GC3657@burratino>

Dear Jonathan,

>> NFSv4+krb is better only because ...
> Surely the ability to squash multiple uids is also a help. ;-)

Not when asking to squash groups. :-)

I thought that idmapd worked also with AUTH_SYS.

> Do I understand correctly that you are requesting an export or mountd
> option filter_gid, which would behave like --manage-gids except it
> transforms the effective gid to anongid when the specified gid is not
> a group the user belongs to?  I haven't carefully looked over the
> protocol specs but at first glance that seems sensible.

Yes, my exact wish.

Thanks, Paul

Paul Szabo   psz@maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia

Reply to:

References:
- Bug#384922: NFS insecure without support for squashing multiple groups
  - From: Jonathan Nieder <jrnieder@gmail.com>

Prev by Date: Bug#660446: linux-image-3.2.0-1-4kc-malta: Should include built-in support for ext4
Next by Date: Bug#660554: Kernel crashes at boot in drivers/dma/ioat/dma_v2.c:163 when running under Xen 4.1
Previous by thread: Bug#384922: NFS insecure without support for squashing multiple groups
Next by thread: Bug#660394: linux-image-3.2.0-1-amd64: Screen goes blank @30 seconds into boot
Index(es):
- Date
- Thread