2/24 Is there a good reason why UNIX prohibits normal users from
troll making NFS mounts?
troll \_ Well, it's not as good as prohibiting ANYONE from making an
troll NFS mount, but you have got to let SOMEONE do whatever they want on
troll a system, NFS mounts, after all, aren't ALWAYS the wrong solution.
troll (just usually).
troll \_ Solaris automounter allows any user to mount a filesystem from
troll remote host as long as it is exported to you. So there is a way
troll to do this on unix.
troll \_ automounter bad. very bad. evil. spawn of the devil.
troll only bill's network neighborhood is worse.
troll if you need automounter functionality use AFS (its free
troll now). AFS good.
troll \_ you don't do it, the autofs system does it for you. you
troll as a normal user just make requests to autofs. you can not,
troll as a normal user with normal user permissions, ask autofs
troll to mount a NFS export on any arbitrary mount point, only
troll on those mount points that autofs is configured to manage --
troll say /net, /home, /project, and you can not tell autofs, as
troll a normal user, what mount options to use --jon
troll \_ That's what I mean jon. Being able to mount things under
troll /net is still much better than not being able to mount
troll anything at all.
troll \_ If you could mount any filesystem you want, anywhere you want,
troll then you could do something like mount your own filesystem on
troll /etc containing a passwd file in which you know the root passwd
troll and give yourself root. (This is just one of many possibilities.)
troll \_ First of all, both /etc and /etc/passwd already exist and
troll they're both owned by root on that machine. You can't
troll overwrite them. Second of all, if there were to be such
troll thing as user-controlled NFS you shouldn't have any more
troll permissions than you normally would. In other words, if I
troll don't have permission to create a new file or directory in
troll / I shouldn't have the permission to mount a drive at that
troll location.
troll \_ But I could remotely mount your home directory on my
troll machine where I have root and su to the same uid/gid you
troll have on the remote host and then fuck with your files
troll over nfs as "you". Depending on how the mount points
troll are exported, I could do the same to root owned files
troll as well, such as /usr, /var, and others. Got the picture?
troll \_ We're talking about user controlled NFS clients, not
troll servers. As an NFS server, I, as root, would never
troll let you mount my disk so that you can fuck around
troll with it unless you had a legit reason in which case
troll I would have created a little restricted sandbox
troll directory for you to muck around with. But I think
troll it would be a useful idea (and relatively safe) to
troll have a SMB-like user-controlled mounting of remote
troll filesystems. I have yet to see why this is unsafe.
troll I have an account on CSUA called jondoe. On my
troll Unix box at home I want to mount everything in
troll ~jondoe at CSUA by supplying my jondoe username/
troll password pair and everything in ~jondoe is mounted
troll on my home computer. CSUA will only let me access
troll files in ~jondoe with the same permissions that
troll jondoe himself would normally be able to access.
troll \_ Yes. That's all well and good. Now explain what
troll prevents me from setting up a jondoe account on _my_
troll home machine with _your_ uid/gui and mounting _your_
troll jondoe account. NFS has what sort of security to
troll prevent this? None. Please explain why I couldn't
troll do this.
troll \_ First of all, even stock NFS controls what
troll machines you export to. Obviously it would be
troll silly to export csua home directories to the
troll world with no restrictions, but if you trust
troll a particular machine, this isn't a problem.
troll And second, NFS does have the facility to
troll use public-key authentication, though it's not
troll often used around here. -tom
troll \_ Because you have to have jondoe's password to do
troll this. Think of it this way. jondoe logs into
troll csua, and types some magical command called
troll "nfsexport home-machine-ip" which exports HIS
troll home directory to that IP. Or, he can run
troll "nfsexport jondoe@csua", type in his CSUA
troll password, and get access to his files. Yes,
troll NFS has minimalistic security, but it doesn't
troll have to be NFS, maybe another similar system.
troll Now explain to me why this won't work, and why
troll this system, which would seem very useful,
troll isn't in place.
troll \_ Yes! This is exactly what I mean. Why isn't this
troll done? -original poster
troll \_ Can you think about the potential problems?
troll \_ jondoe is exporting. Different from mounting.
troll What was your question again?
troll \_ Switch to plan9. |