2/24 Is there a good reason why UNIX prohibits normal users from
making NFS mounts?
\_ Well, it's not as good as prohibiting ANYONE from making an
NFS mount, but you have got to let SOMEONE do whatever they want on
a system, NFS mounts, after all, aren't ALWAYS the wrong solution.
(just usually).
\_ Solaris automounter allows any user to mount a filesystem from
a remote host as long as it is exported to you. So there is a way
to do this on unix.
\_ automounter bad. very bad. evil. spawn of the devil.
only bill's network neighborhood is worse.
if you need automounter functionality use AFS (it's free
now). AFS good.
\_ you don't do it, the autofs system does it for you. you
as a normal user just make requests to autofs. you can not,
as a normal user with normal user permissions, ask autofs
to mount a NFS export on any arbitrary mount point, only
on those mount points that autofs is configured to manage --
say /net, /home, /project, and you can not tell autofs, as
a normal user, what mount options to use --jon
\_ That's what I mean jon. Being able to mount things under
/net is still much better than not being able to mount
anything at all.
\_ If you could mount any filesystem you want, anywhere you want,
then you could do something like mount your own filesystem on
/etc containing a passwd file in which you know the root passwd
and give yourself root. (This is just one of many possibilities.)
\_ First of all, both /etc and /etc/passwd already exist and
they're both owned by root on that machine. You can't
overwrite them. Second of all, if there were to be such
thing as user-controlled NFS you shouldn't have any more
permissions than you normally would. In other words, if I
don't have permission to create a new file or directory in
/ I shouldn't have the permission to mount a drive at that
location.
\_ The standard mount command lets you mount any filesystem
on any directory, empty or full.
\_ But I could remotely mount your home directory on my
machine where I have root and su to the same uid/gid you
have on the remote host and then fuck with your files
over nfs as "you". Depending on how the mount points
are exported, I could do the same to root owned files
as well, such as /usr, /var, and others. Got the picture?
\_ We're talking about user controlled NFS clients, not
servers. As an NFS server, I, as root, would never
let you mount my disk so that you can fuck around
with it unless you had a legit reason in which case
I would have created a little restricted sandbox
directory for you to muck around with. But I think
it would be a useful idea (and relatively safe) to
have a SMB-like user-controlled mounting of remote
filesystems. I have yet to see why this is unsafe.
I have an account on CSUA called jondoe. On my
Unix box at home I want to mount everything in
~jondoe at CSUA by supplying my jondoe username/
password pair and everything in ~jondoe is mounted
on my home computer. CSUA will only let me access
files in ~jondoe with the same permissions that
jondoe himself would normally be able to access.
\_ Yes. That's all well and good. Now explain what
prevents me from setting up a jondoe account on _my_
home machine with _your_ uid/gid and mounting _your_
jondoe account. NFS has what sort of security to
prevent this? None. Please explain why I couldn't
do this.
\_ First of all, even stock NFS controls what
machines you export to. Obviously it would be
silly to export csua home directories to the
world with no restrictions, but if you trust
a particular machine, this isn't a problem.
And second, NFS does have the facility to
use public-key authentication, though it's not
often used around here. -tom
\_ Because you have to have jondoe's password to do
this. Think of it this way. jondoe logs into
csua, and types some magical command called
"nfsexport home-machine-ip" which exports HIS
home directory to that IP. Or, he can run
"nfsexport jondoe@csua", type in his CSUA
password, and get access to his files. Yes,
NFS has minimalistic security, but it doesn't
have to be NFS, maybe another similar system.
Now explain to me why this won't work, and why
this system, which would seem very useful,
isn't in place.
\_ Yes! This is exactly what I mean. Why isn't this
done? -original poster
\_ Can you think about the potential problems?
\_ jondoe is exporting. Different from mounting.
What was your question again?
\_ Switch to plan9.
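
The server-side points argued in the thread (exports limited to trusted machines, uid/gid taken on the client's word, stronger authentication as the alternative) can be checked mechanically. This is an added example, not part of the original thread: it audits an export table, assuming Linux exports(5) syntax and a constructed sample; the function name and finding labels are hypothetical.

```python
# Added example. Constructed input in Linux exports(5) syntax (an assumption:
# the thread does not name the server OS or show any export table).
SAMPLE_EXPORTS = """\
/home        *(rw,sync)
/home/jondoe trusted.example.org(rw,sync,root_squash)
/usr         192.0.2.0/24(ro,no_root_squash)
/project     lab.example.org(rw,sec=krb5p)
/scratch     lab.example.org(rw,insecure)
"""


def audit_exports(text):
    """Return (path, client, finding) tuples for risky entries, in file order."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        path, *clients = line.split()
        for client in clients or [""]:           # a bare path exports to everyone
            host, _, rest = client.partition("(")
            opts = set(filter(None, rest.rstrip(")").split(",")))
            flavors = {"sys"}                    # default when sec= is absent
            for opt in opts:
                if opt.startswith("sec="):
                    flavors = set(opt[4:].split(":"))
            who = host or "*"                    # "(rw)" with no host means any host
            if who == "*":
                findings.append((path, who, "any-host"))
            if "no_root_squash" in opts:         # client root stays uid 0 on the server
                findings.append((path, who, "no-root-squash"))
            if "insecure" in opts:               # requests from unprivileged ports accepted
                findings.append((path, who, "insecure-port"))
            if "sys" in flavors:                 # server believes the uid/gid the client sends
                findings.append((path, who, "auth-sys"))
    return findings


if __name__ == "__main__":
    for path, who, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"{path:14} {who:22} {finding}")
```

An entry flagged only as `auth-sys` is the "trust a particular machine" case: it is as safe as root on that client is trustworthy.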