Re: NFS and security
hi ya rafaele
if the other system needs to be able to read root owned files...
than have this server send that file to the other side....
"that file" being one of this types of files:
chmod 400 /etc/foo.txt
chown root.root /etc/foo.txt
scp /etc/foo.txt otherside:/etc/someplace
-- or --
scp otherside:/etc/foo.txt /tmp
diff /tmp/foo.txt /etc
-- or --
scp /net/otherside/etc/foo.txt /etc
you dont necessarily need/want no_root_squash to disable protection
of root-owned file... it's root owned and protected for a reason
and if you're doing chmod 777 /something/foo.txt
-- than that's even more reason and definitely disable
no_root_squash and find a better way of doing stuff
( you do not want either chmod 77x nor disabled root_squash )
===
=== turn offf root_squash
===
c ya
alvin
On Fri, 28 Jun 2002, Raffaele Sandrini wrote:
> On Friday 28 June 2002 17:56, Bob Proulx wrote:
> > > /path/to/system 10.1.1.0/24(rw,no_root_squash)
> >
> > Yes. Why do you need the no_root_squash enabled? I strongly
> > recommend you disable that. It is hard to think about any other
> > security improvements while that is enabled.
>
> I need it because the kernel wich mounts it connects to it as root. If root is
> squashed to nobody he wont be able to any of the files because they owned by
> root.
--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: