-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Sunday 2007-12-23 at 19:31 +0100, primm wrote:
Another problem is that the nfs server in versions 3 and below fully trusts the client about user IDs. It won't put viruses on your machines, but it does mean that if you don't control the root account on all machines, anyone can read any file, or write to any share.
What? So, I login as me. There is no way nfs will let me write to the folders of other users. Unless the other user has given me permission to do so. What do you mean by 'control the root account on all machines'? No one else other than me can login as root on any box on my network. Could you please tell me if need to change my filesystem? What version of nfs do I have if I have opensuse version 10.3? Yes. I know I can find out. But please don't tell me where to stuff it.
What it means is that root on a machine that connects to the network can fake any user while connecting to the nfs server. Meaning, for example, that a guest with a laptop, if allowed to connect to the network, could gain access to any dir exported by nfs - at least with previous NFS versions. Which version do you have? Do 'cat /proc/fs/nfsd/versions', for instance. Or try 'nfsstat'. But I'm not allowed to write here, so please ignore me. :-P - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFHbrT5tTMYHG2NR9URAiHoAJ98jlm/jUgspIUh021yuuFnUCMiEwCeJS4Q 6xbVVYyTfTaxofjadmVw1Cw= =gmiD -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org