2/24    Is there a good reason why UNIX prohibits normal users from
troll   making NFS mounts?
troll   \_ Well, it's not as good as prohibiting ANYONE from making an
troll      NFS mount, but you have got to let SOMEONE do whatever they want on
troll      a system, NFS mounts, after all, aren't ALWAYS the wrong solution.
troll      (just usually).
troll   \_ Solaris automounter allows any user to mount a filesystem from
troll      remote host as long as it is exported to you. So there is a way
troll      to do this on unix.
troll         \_ automounter bad. very bad. evil. spawn of the devil.
troll            only bill's network neighborhood is worse.
troll            if you need automounter functionality use AFS (its free
troll            now). AFS good.
troll      \_ you don't do it, the autofs system does it for you.  you
troll         as a normal user just make requests to autofs.  you can not,
troll         as a normal user with normal user permissions, ask autofs
troll         to mount a NFS export on any arbitrary mount point, only
troll         on those mount points that autofs is configured to manage --
troll         say /net, /home, /project, and you can not tell autofs, as
troll         a normal user, what mount options to use --jon
troll         \_ That's what I mean jon. Being able to mount things under
troll            /net is still much better than not being able to mount
troll            anything at all.
troll   \_ If you could mount any filesystem you want, anywhere you want,
troll      then you could do something like mount your own filesystem on
troll      /etc containing a passwd file in which you know the root passwd
troll      and give yourself root.  (This is just one of many possibilities.)
troll      \_ First of all, both /etc and /etc/passwd already exist and
troll         they're both owned by root on that machine. You can't
troll         overwrite them. Second of all, if there were to be such
troll         thing as user-controlled NFS you shouldn't have any more
troll         permissions than you normally would. In other words, if I
troll         don't have permission to create a new file or directory in
troll         / I shouldn't have the permission to mount a drive at that
troll         location.
troll           \_ But I could remotely mount your home directory on my
troll              machine where I have root and su to the same uid/gid you
troll              have on the remote host and then fuck with your files
troll              over nfs as "you".  Depending on how the mount points
troll              are exported, I could do the same to root owned files
troll              as well, such as /usr, /var, and others.  Got the picture?
troll              \_ We're talking about user controlled NFS clients, not
troll                 servers. As an NFS server, I, as root, would never
troll                 let you mount my disk so that you can fuck around
troll                 with it unless you had a legit reason in which case
troll                 I would have created a little restricted sandbox
troll                 directory for you to muck around with. But I think
troll                 it would be a useful idea (and relatively safe) to
troll                 have a SMB-like user-controlled mounting of remote
troll                 filesystems. I have yet to see why this is unsafe.
troll                 I have an account on CSUA called jondoe. On my
troll                 Unix box at home I want to mount everything in
troll                 ~jondoe at CSUA by supplying my jondoe username/
troll                 password pair and everything in ~jondoe is mounted
troll                 on my home computer. CSUA will only let me access
troll                 files in ~jondoe with the same permissions that
troll                 jondoe himself would normally be able to access.
troll                 \_ Yes.  That's all well and good.  Now explain what
troll                    prevents me from setting up a jondoe account on _my_
troll                    home machine with _your_ uid/gui and mounting _your_
troll                    jondoe account.  NFS has what sort of security to
troll                    prevent this?  None.  Please explain why I couldn't
troll                    do this.
troll                    \_ First of all, even stock NFS controls what
troll                       machines you export to.  Obviously it would be
troll                       silly to export csua home directories to the
troll                       world with no restrictions, but if you trust
troll                       a particular machine, this isn't a problem.
troll                       And second, NFS does have the facility to
troll                       use public-key authentication, though it's not
troll                       often used around here.  -tom
troll                    \_ Because you have to have jondoe's password to do
troll                       this.  Think of it this way.  jondoe logs into
troll                       csua, and types some magical command called
troll                       "nfsexport home-machine-ip" which exports HIS
troll                       home directory to that IP.  Or, he can run
troll                       "nfsexport jondoe@csua", type in his CSUA
troll                       password, and get access to his files.  Yes,
troll                       NFS has minimalistic security, but it doesn't
troll                       have to be NFS, maybe another similar system.
troll                       Now explain to me why this won't work, and why
troll                       this system, which would seem very useful,
troll                       isn't in place.
troll                 \_ Yes!  This is exactly what I mean.  Why isn't this
troll                    done?                -original poster
troll                    \_ Can you think about the potential problems?
troll                    \_ jondoe is exporting. Different from mounting.
troll                       What was your question again?
troll   \_ Switch to plan9.